OverTheWire Bandit: Level 5 → Level 6

Technical Note

Context

Often, you don’t have the filename, but you do have its properties. As a system administrator or security professional, you might need to find “all log files larger than 700MB” or “files modified in the last hour” among thousands of others.

This level introduces the find command, Linux’s most powerful search utility.

Goal

The password is stored in a file somewhere under the inhere directory. The file has the following properties:

  1. Human-readable
  2. 1033 bytes in size
  3. Not executable

Solution

First, change into the inhere directory:

cd inhere

Running ls -R (recursive) simply floods the screen with too many files. It’s like finding a needle in a haystack. Instead, we construct a find command.

Let’s translate our criteria into find syntax:

  • Must be a file (-type f)
  • Size must be exactly 1033 bytes (-size 1033c). (In find, c stands for bytes, k for kibibytes (units of 1024 bytes), M for mebibytes.)
  • Must not be executable (! -executable). (The ! operator acts as a logical NOT).

Combining them:

find . -type f -size 1033c ! -executable

Output:

./maybehere07/.file2

It returned exactly one result! This must be our file. Let’s read it:

cat ./maybehere07/.file2
# Password is displayed

Note: If the path contained spaces (e.g., ./maybe here/.file2), remember to use quotes (cat "./maybe here/.file2").
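
The find command above tests size and permissions but not the first property, human-readable. The following is an added example, not part of the original walkthrough: it builds a constructed tree of decoys (all file and directory names are made up) and filters on all three properties, using grep -I as an assumed stand-in test for "human-readable". It needs GNU find for -executable.

```bash
#!/usr/bin/env bash
# Added example: a constructed tree, not the real Bandit server contents.

# Build decoys that each fail exactly one of the three properties.
make_tree() {
    mkdir -p "$1/maybehere00" "$1/maybe here01" "$1/maybehere02"
    # Target: 1033 bytes of text, no execute bit, directory name has a space.
    head -c 1033 /dev/zero | tr '\0' 'a' > "$1/maybe here01/.target"
    # Decoy: right size, text, but executable.
    head -c 1033 /dev/zero | tr '\0' 'b' > "$1/maybehere00/.exec"
    chmod +x "$1/maybehere00/.exec"
    # Decoy: right size, not executable, but binary (NUL bytes).
    head -c 1033 /dev/zero > "$1/maybehere02/.binary"
    # Decoy: text, not executable, wrong size.
    printf 'too short\n' > "$1/maybehere02/.small"
}

# Print every file under $1 that satisfies all three properties.
find_candidate() {
    # -exec ... {} + passes paths as separate arguments, so spaces in
    # names survive without any quoting tricks on our side.
    find "$1" -type f -size 1033c ! -executable -exec sh -c '
        for f do
            # grep -I treats binary files as non-matching; "." needs
            # at least one character, so empty files are skipped too.
            if grep -Iq . "$f"; then printf "%s\n" "$f"; fi
        done' sh {} +
}

tree=$(mktemp -d)
make_tree "$tree"
find_candidate "$tree"   # prints only the .target path
rm -rf "$tree"
```

Without the grep step, the same find expression also returns the binary decoy, which is why the readability check matters when more than one file has the right size and mode.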

Key Takeaways

  1. find Filters:
    • -size: Search by size (1033c = 1033 bytes, +10M = larger than 10 MiB).
    • -type: Search by type (f = file, d = directory).
    • -executable: Search by permission.
  2. Logical Operators: Using ! (NOT) excludes results that match a given criterion.

In Linux, if you can’t “find” something, you probably just need to be more specific with your find command.