Bandit Level 6 -> Level 7
- Platform: OverTheWire
- Wargame: Bandit
- Date: 2025-12-13 00:35
Overview
Bandit Level 6: The password for Level 7 is stored in a file named bandit7.password in the /var/lib/dpkg/info directory.
To find the password for this level, one needs to search the server with the following properties:
owned by user bandit7
owned by group bandit6
33 bytes in size
Connection:
Host: bandit.labs.overthewire.org
Port: 2220
User: bandit6
Password: (use the password from Level 5's .file2 file)
Steps
1. SSH into the server as bandit6
local
$
ssh bandit6@bandit.labs.overthewire.org -p 2220(enter the password you found in Level 5 when prompted)
2. Identify the file on the server
bandit6@bandit
bandit6@bandit:~$
find / -type f -user bandit7 -group bandit6 -size 33c -exec file {} \; 2>/dev/null/var/lib/dpkg/info/bandit7.password: ASCII text
This confirms that bandit7.password is the wanted file.
3. Read the contents of bandit7.password
bandit6@bandit
bandit6@bandit:~$
cat /var/lib/dpkg/info/bandit7.password(password for bandit7)
The output is the password for Bandit Level 7. Use it to continue with ssh bandit7@bandit.labs.overthewire.org -p 2220.
Summary
- The password is stored in a file named
bandit7.passwordinside the/var/lib/dpkg/infodirectory. After identifying the correct file, usecatto read its contents. - Use
findto locate the file on the whole server (e.g.,find / -type f -user bandit7 -group bandit6 -size 33c). - Use
2>/dev/nullto suppress directories that are inaccessible because of permissions.