Bandit - Going to Level 7

2 November 2017

Goal

The password for the next level is stored somewhere on the server and has all of the following properties:

- owned by user bandit7
- owned by group bandit6
- 33 bytes in size

Getting the information

At first I would go for something like this:

bandit6@melinda:/$ find -type f -size 33c -readable -user bandit7 -group bandit6

However, this prints a bunch of "Permission denied" errors. A hack would be to cat every file it finds to get the password (it works), but I still think it is not clean enough:

bandit6@melinda:/$ find -type f -size 33c -readable -user bandit7 -group bandit6 | xargs cat
[ loads of Permission denied removed ]
find: ‘./home/leviathan0/.backup’: Permission denied
find: ‘./home/drifter6/data’: Permission denied
find: ‘./home/leviathan4/.trash’: Permission denied
find: ‘./home/drifter8/chroot’: Permission denied
find: ‘./sys/kernel/debug’: Permission denied
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

A better solution would be to simply not display those "Permission denied" messages. Since "Permission denied" is an error message, it is written to standard error, so all we have to do is redirect the error output to /dev/null:

bandit6@melinda:/$ find -type f -size 33c -readable -user bandit7 -group bandit6 2>/dev/null
./var/lib/dpkg/info/bandit7.password

And there we go! Now we just have to display the password :)
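The stream separation that makes 2>/dev/null work, reproduced in a throwaway sandbox as an added example that is not part of the original post. It assumes GNU find; the directory layout, the function names and the placeholder password are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: a constructed sandbox, not the Bandit server.

# Build a temp tree holding one 33-byte file, two decoys of other sizes,
# and a directory the current user cannot open (root can still open it).
make_sandbox() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/var/lib" "$root/home/locked"
    pw=$(printf '%032d' 0)                           # constructed: 32 characters
    printf '%s\n'  "$pw" > "$root/var/lib/target"    # 32 + newline = 33 bytes
    printf '%s'    "$pw" > "$root/var/lib/decoy32"   # 32 bytes, must not match
    printf '%sX\n' "$pw" > "$root/home/decoy34"      # 34 bytes, must not match
    chmod 000 "$root/home/locked"
    echo "$root"
)

# Same predicates as the command above; owner and group are the caller's
# numeric ids because the sandbox files belong to whoever runs this.
search() (
    cd "$1" || exit 1
    # Matches go to stdout, errors to stderr, so dropping fd 2 loses no results.
    # find still exits non-zero if a directory was unreadable, hence "|| true".
    find . -type f -size 33c -readable \
        -user "$(id -u)" -group "$(id -g)" 2>/dev/null || true
)

# Inverse redirection: discard the matches and count the error lines instead.
count_errors() (
    cd "$1" || exit 1
    LC_ALL=C find . -type f -size 33c 2>&1 >/dev/null \
        | grep -c 'Permission denied' || true
)

# Undo chmod 000 so the tree can be deleted.
cleanup() { chmod 700 "$1/home/locked" && rm -rf "$1"; }

sandbox=$(make_sandbox)
echo "match on stdout:  $(search "$sandbox")"
echo "errors on stderr: $(count_errors "$sandbox")"
cleanup "$sandbox"
```

Run as a normal user, the error count is 1 (the locked directory); run as root it is 0, since root can open the directory.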