OverTheWire Bandit: Level 4 → Level 5
Context
A common scenario in cyber security and forensics: You receive a file with no extension or, even worse, a misleading extension.
In the Windows world, .exe implies an executable, and .jpg implies an image. Linux operates differently: it largely ignores file extensions and instead determines what a file “is” by looking at its magic bytes (header signature) and content.
This level teaches us how to analyze file types correctly.
Goal
The password is hidden inside the inhere directory. The directory contains many files with generic names (like -file00). The password is in the only file that is human-readable.
Solution
First, let’s look at the directory:
ls -F
# inhere/
Let’s enter the directory and list the contents:
cd inhere
ls -la
We face a mess of files:
-file00
-file01
-file02
...
-file09
They all look similar in size and name. Trying to cat them one by one is risky; printing binary data to the terminal can corrupt your display (garbled text).
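This is where the file command saves the day. It analyzes the file’s content (specifically the signature/magic numbers) and reports the type without printing anything from the file to your terminal.
Let’s verify all files at once using a wildcard (*). The ./ prefix matters: these names begin with a dash, so without it the shell would hand them to file as what look like options.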
file ./*
Output:
./-file00: data
./-file01: OpenPGP Public Key
./-file02: OpenPGP Public Key
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
As you can see, everything is reported as raw data or another binary format, except for -file07, which is identified as ASCII text.
We found our target:
cat ./-file07
# The password appears
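To make the "magic bytes, then content" idea concrete, here is an added Python example (not part of the original write-up) that classifies files the way described above: match a known signature at the start of the file, otherwise test whether every byte is plain ASCII text. The signature table is a small hand-picked subset, and the sample directory, its file contents and the holiday.jpg decoy are constructed for the example.

```python
import os
import tempfile

# A few well-known signatures at offset 0; file(1)'s real database is far larger.
MAGIC = [
    (b"\x7fELF", "ELF executable"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "Zip archive"),
    (b"\x1f\x8b", "gzip compressed data"),
]
# Bytes accepted as plain ASCII text: printable characters plus tab, LF and CR.
TEXT_BYTES = frozenset(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def classify(path, sample_size=4096):
    """Label a file from its leading bytes only; the name is never consulted."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if not head:
        return "empty"
    for signature, label in MAGIC:
        if head.startswith(signature):
            return label
    return "ASCII text" if all(b in TEXT_BYTES for b in head) else "data"

def readable_files(directory):
    """Sorted names of regular files in `directory` classified as ASCII text."""
    return [
        name for name in sorted(os.listdir(directory))
        if os.path.isfile(os.path.join(directory, name))
        and classify(os.path.join(directory, name)) == "ASCII text"
    ]

def build_sample_dir():
    """Constructed stand-in for inhere/: binary files, one text file, one decoy."""
    root = tempfile.mkdtemp()
    files = {f"-file0{i}": bytes([0x00, 0x9C, 0xFE, i]) * 8 for i in range(10)}
    files["-file07"] = b"constructed-sample-password\n"
    files["holiday.jpg"] = b"\x7fELF\x02\x01\x01" + bytes(9)  # misleading extension
    for name, body in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for name in readable_files(build_sample_dir()):
        print(name)
```

The decoy named holiday.jpg is labelled an ELF executable because only its content is inspected, which is the same reason file is not fooled by a misleading extension.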
Key Takeaways
- The file Command: The most reliable way to identify a file’s actual type. Never trust extensions; trust the file command.
- Binary vs. Text: Files identified as “data” are usually non-readable binary formats. “ASCII text” or “UTF-8 Unicode text” files are safe to read with cat.
- Wildcards (*): Instead of running a command on each file individually, use * to apply the operation to everything in the current directory (e.g., file ./*).