Over the Wire - Bandit 13

Bandit 13


The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!)


First, let's copy the file to a temporary directory so we can manipulate it:

bandit12@bandit:~$ mkdir /tmp/asbandit12
bandit12@bandit:~$ cp data.txt /tmp/asbandit12
bandit12@bandit:~$ cd /tmp/asbandit12
bandit12@bandit:/tmp/asbandit12$ ls
data.txt

Now let's convert the hexdump back to its original file:

bandit12@bandit:/tmp/asbandit12$ xxd -r data.txt data.bin
bandit12@bandit:/tmp/asbandit12$ ls
data.bin  data.txt

So now we check the file type of the reverted data.bin file:

bandit12@bandit:/tmp/asbandit12$ file data.bin
data.bin: gzip compressed data, was "data2.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

So it is a gzip file. Let's rename it to .gz:

bandit12@bandit:/tmp/asbandit12$ mv data.bin data.gz
bandit12@bandit:/tmp/asbandit12$ ls
data.gz  data.txt

Now let's decompress it. The -N switch automatically renames it to its original file name:

bandit12@bandit:/tmp/asbandit12$ gunzip -N data.gz
bandit12@bandit:/tmp/asbandit12$ ls
data2.bin  data.txt

Let's see if it's really a bin file:

bandit12@bandit:/tmp/asbandit12$ file data2.bin
data2.bin: bzip2 compressed data, block size = 900k

Nope, it's a bzip. Let's rename and unzip it:

bandit12@bandit:/tmp/asbandit12$ mv data2.bin data2.bz2
bandit12@bandit:/tmp/asbandit12$ ls
data2.bz2  data.txt
bandit12@bandit:/tmp/asbandit12$ bunzip2 data2.bz2
bandit12@bandit:/tmp/asbandit12$ ls
data2  data.txt

Is this its final form? Nope, that was a gzip file too:

bandit12@bandit:/tmp/asbandit12$ file data2
data2: gzip compressed data, was "data4.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

We'll rename it to .gz, unzip it, and see what kind of file that was:

bandit12@bandit:/tmp/asbandit12$ mv data2 data2.gz
bandit12@bandit:/tmp/asbandit12$ gunzip -N data2.gz
bandit12@bandit:/tmp/asbandit12$ ls
data4.bin  data.txt
bandit12@bandit:/tmp/asbandit12$ file data4.bin
data4.bin: POSIX tar archive (GNU)

OK, now it's a tar file...... this is getting a bit ridiculous

bandit12@bandit:/tmp/asbandit12$ mv data4.bin data4.tar
bandit12@bandit:/tmp/asbandit12$ tar -xvf data4.tar
data5.bin
bandit12@bandit:/tmp/asbandit12$ ls
data4.tar  data5.bin  data.txt
bandit12@bandit:/tmp/asbandit12$ file data5.bin
data5.bin: POSIX tar archive (GNU)

ok double tar'd

bandit12@bandit:/tmp/asbandit12$ mv data5.bin data5.tar
bandit12@bandit:/tmp/asbandit12$ tar -xvf data5.tar
data6.bin
bandit12@bandit:/tmp/asbandit12$ file data6.bin
data6.bin: bzip2 compressed data, block size = 900k

Now it's BZ again:

bandit12@bandit:/tmp/asbandit12$ mv data6.bin data6.bz2
bandit12@bandit:/tmp/asbandit12$ bunzip2 data6.bz2
bandit12@bandit:/tmp/asbandit12$ ls
data4.tar  data5.tar  data6  data.txt
bandit12@bandit:/tmp/asbandit12$ file data6
data6: POSIX tar archive (GNU)

And now it's a tar again....... little past ridiculous now, huh?

bandit12@bandit:/tmp/asbandit12$ mv data6 data6.tar
bandit12@bandit:/tmp/asbandit12$ tar -xvf data6.tar
data8.bin
bandit12@bandit:/tmp/asbandit12$ file data8.bin
data8.bin: gzip compressed data, was "data9.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix

Now it's back to gz:

bandit12@bandit:/tmp/asbandit12$ mv data8.bin data8.gz
bandit12@bandit:/tmp/asbandit12$ gunzip -N data8.gz
bandit12@bandit:/tmp/asbandit12$ ls
data4.tar  data5.tar  data6.tar  data9.bin  data.txt
bandit12@bandit:/tmp/asbandit12$ file data9.bin
data9.bin: ASCII text

Wahooooo, it's an ASCII file. Let's read it:

bandit12@bandit:/tmp/asbandit12$ cat data9.bin
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Now I have to figure out how to do this in Python:

import glob
import os
import subprocess

# Rebuild the binary file from the hexdump.
os.system("xxd -r data.txt data.bin")

# MIME types reported by `file --mime-type` for each layer.
gziptype = 'application/gzip'
txt = 'text/plain'
tar = 'application/x-tar'
bzip = 'application/x-bzip2'

filename = ''
mime_type = ''
newfile = ''

def funcgzip():
    # Rename to .gz so gunzip accepts it; -N restores the stored name.
    global filename
    base = os.path.splitext(filename)[0]
    filenamenewgz = base + '.gz'
    os.rename(filename, filenamenewgz)
    filename = filenamenewgz
    # Argument list instead of a shell string, so the file name is
    # never parsed as shell syntax.
    subprocess.call(['gunzip', '-N', filename])

def funcbzip():
    global filename
    base = os.path.splitext(filename)[0]
    filenamenewbz = base + '.bz2'
    os.rename(filename, filenamenewbz)
    filename = filenamenewbz
    subprocess.call(['bunzip2', filename])

def functar():
    global filename
    base = os.path.splitext(filename)[0]
    filenamenewtar = base + '.tar'
    os.rename(filename, filenamenewtar)
    filename = filenamenewtar
    subprocess.call(['tar', '-xvf', filename])

def findnew():
    # The most recently changed file in the directory is the next layer.
    global newfile
    global filename
    list_of_file = glob.glob('./*')
    newfile = max(list_of_file, key=os.path.getctime)
    filename = newfile
    return filename

def filemimetype():
    global mime_type
    global filename
    result = subprocess.check_output(['file', '--mime-type', filename])
    # check_output returns bytes on Python 3; decode before comparing.
    mime_type = result.split()[-1].decode()

def ascii():
    # Print the text once we reach it, otherwise unpack the current layer.
    global mime_type
    if mime_type == txt:
        print('txt mimetype', filename)
        subprocess.call(['cat', filename])
    elif mime_type == gziptype:
        funcgzip()
    elif mime_type == tar:
        functar()
    elif mime_type == bzip:
        funcbzip()
    else:
        print('oops')

while mime_type != txt:
    findnew()
    filemimetype()
    # Without this call no layer is ever unpacked and the loop never ends.
    ascii()

...
'./data.bin'
'./data2.bin'
'./data2'
'./data4.bin'
data5.bin
'./data5.bin'
data6.bin
'./data5.tar'
data6.bin
'./data6.bin'
'./data6'
data8.bin
'./data8.bin'
'./data9.bin'
('txt mimetype', './data9.bin')
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
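The same peel-until-text loop can be done without shelling out or renaming files, as an added example that is not the author's script: it identifies each layer by its magic bytes, unpacks in memory so names stored inside the archives are never used as paths, and caps depth and size. The names `peel`, `bounded`, `tar_of`, `build_sample`, `MAX_LAYERS` and `MAX_BYTES` are assumptions of this sketch, and the sample data is constructed to nest in the order found above.

```python
import bz2, gzip, io, tarfile, zlib

MAX_LAYERS = 32               # assumed cap on nesting depth
MAX_BYTES = 8 * 1024 * 1024   # assumed cap on any one layer's output

def bounded(decomp, data):
    """Run a streaming decompressor, refusing output above MAX_BYTES."""
    out = decomp.decompress(data, MAX_BYTES + 1)
    if len(out) > MAX_BYTES:
        raise ValueError("layer expands past MAX_BYTES")
    return out

def peel(data):
    """Strip layers by magic bytes, in memory; return (layers, payload)."""
    layers = []
    for _ in range(MAX_LAYERS + 1):
        if data[:2] == b"\x1f\x8b":
            kind, data = "gzip", bounded(zlib.decompressobj(31), data)
        elif data[:3] == b"BZh":
            kind, data = "bzip2", bounded(bz2.BZ2Decompressor(), data)
        elif data[257:262] == b"ustar":
            # Read the first regular file; member names never reach the disk.
            with tarfile.open(fileobj=io.BytesIO(data)) as tf:
                member = next(m for m in tf if m.isfile())
                if member.size > MAX_BYTES:
                    raise ValueError("tar member larger than MAX_BYTES")
                kind, data = "tar", tf.extractfile(member).read()
        else:
            return layers, data
        layers.append(kind)
    raise ValueError("more than MAX_LAYERS layers")

def tar_of(name, payload):  # constructed-sample helper: one-file tar in memory
    buf, info = io.BytesIO(), tarfile.TarInfo(name)
    info.size = len(payload)
    with tarfile.open(fileobj=buf, mode="w") as tf:
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def build_sample():
    """Constructed data nested in the order the walkthrough uncovered."""
    d = gzip.compress(b"constructed sample text\n")
    d = bz2.compress(tar_of("data8.bin", d))
    d = tar_of("data5.bin", tar_of("data6.bin", d))
    return gzip.compress(bz2.compress(gzip.compress(d)))

if __name__ == "__main__":
    print(peel(build_sample()))
```

On the level itself, the input to `peel` would be the bytes that `xxd -r` writes to data.bin.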


