The Goal

The password is stored somewhere on the server with three known properties:

  • Owned by user bandit7
  • Owned by group bandit6
  • 33 bytes in size

The Approach

The file is not in the bandit6 home directory. After navigating to the filesystem root, find can be run with multiple filters. Piping through grep for "password" in the path trims the output to the most likely result:

bandit6@bandit:/$ find -group bandit6 -size 33c -user bandit7 | grep "password"
./var/lib/dpkg/info/bandit7.password
bandit6@bandit:/$ cat ./var/lib/dpkg/info/bandit7.password
password

Commands Covered

  • find -group <name>, filter by group ownership
  • find -user <name>, filter by user ownership
  • find -size 33c, filter by exact size in bytes