Level 6 Solution - OverTheWire Bandit

Level Goal

The password for bandit7 is stored in a file somewhere on the server that meets all of these criteria:

Owned by user bandit7
Owned by group bandit6
Exactly 33 bytes in size

Step-by-Step Solution

1. Exit Level 5 and SSH into Level 6

After retrieving the Level 6 password from maybehere07/.file2, exit your current SSH session:

exit

Then connect as bandit6 using the password obtained in Level 5:

ssh bandit6@bandit.labs.overthewire.org -p 2220

2. Verify No Files Are Visible Initially

Once logged in as bandit6, run:

ls

No files appear in the home directory.

3. Understand the File Selection Criteria

The level instructions state that the password file is:

Owned by user bandit7
Owned by group bandit6
Exactly 33 bytes in size

4. Use `find` to Locate the File

To search the entire filesystem for a file matching those attributes, use:

find -user bandit7 -group bandit6 -size 33c

This command will print paths of any files owned by bandit7, in group bandit6, and exactly 33 bytes in size. While there may be many "Permission Denied" files, one matching file appears as:

/var/lib/dpkg/info/bandit7.password

5. Read the Password File

Display its contents to obtain the password for bandit7:

cat /var/lib/dpkg/info/bandit7.password

The output is the password for bandit7.

Summary & Key Commands

exit : return to your local machine from Level 5.
ssh bandit6@bandit.labs.overthewire.org -p 2220 : connect as bandit6.
ls : confirm no files in home directory.
find -user bandit7 -group bandit6 -size 33c : locate the 33-byte file owned by bandit7 and group bandit6.
cat /var/lib/dpkg/info/bandit7.password : display the file; retrieve the bandit7 password.