Bandit Level 12 -> Level 13

Platform: OverTheWire
Wargame: Bandit
Date: 2025-12-13 13:23

Overview

Bandit Level 12: The password for Level 13 is stored in a file named data.txt that is a hexdump that has been repeatedly compressed.

One will need to decompress the file data.txt using multiple methods.

Connection:

Host: bandit.labs.overthewire.org
Port: 2220
User: bandit12
Password: (use the password from Level 11's data.txt file)

Steps

1. SSH into the server as bandit12

local

$

ssh bandit12@bandit.labs.overthewire.org -p 2220

(enter the password you found in Level 11 when prompted)

2. Decompress the file

bandit12@bandit

bandit12@bandit:~$

cd $(mktemp -d)

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

cp ~/data.txt .

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data.txt

data.txt: ASCII text

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

xxd -r data.txt > data.gz

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data.gz

data.gz: gzip compressed data, was "data2.bin", last modified: Tue Oct 14 09:26:06 2025, max compression, from Unix, original size modulo 2^32 564

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

gunzip data.gz

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data

data: bzip2 compressed data, block size = 900k

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

bunzip2 data

bunzip2: Can't guess original name for data -- using data.out

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data.out

data.out: gzip compressed data, was "data4.bin", last modified: Tue Oct 14 09:26:06 2025, max compression, from Unix, original size modulo 2^32 20480

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

mv data.out data.gz

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

gunzip data.gz

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data

data: POSIX tar archive (GNU)

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

tar -xvf data

data5.bin

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data5.bin

data: POSIX tar archive (GNU)

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

tar -xvf data5.bin

data6.bin

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data6.bin

data6.bin: bzip2 compressed data, block size = 900k

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

bunzip2 data6.bin

bunzip2: Can't guess original name for data6.bin -- using data6.bin.out

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data6.bin.out

data6.bin.out: POSIX tar archive (GNU)

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

tar -xvf data6.bin.out

data8.bin

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data8.bin

data8.bin: gzip compressed data, was "data9.bin", last modified: Tue Oct 14 09:26:06 2025, max compression, from Unix, original size modulo 2^32 49

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

mv data8.bin data8.gz

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

gunzip data8.gz

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

file data8

data8: ASCII text

bandit12@bandit:/tmp/tmp.oFAA0IaH0q$

cat data8

The password is (password for bandit13)

Summary

The password is stored in a compressed file named data.txt in the home directory of bandit12.
Use cd $(mktemp -d) command to create a temp directory and change into that newly created directory.
Use cp to copy file(s).
Use file to ID the file type.
Use multiple decompress commands: xxd -r, gunzip, bunzip2, and tar -xvf.
Use cat to send text file(s) to stdout.