
Overthewire-Bandit Level 12 - xxd



Ref: Bandit Level 12

Level Goal

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work. Use mkdir with a hard to guess directory name. Or better, use the command “mktemp -d”. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Commands you may need to solve this level

grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file

Helpful Reading Material

Hex dump on Wikipedia

SSH

ssh bandit12@bandit.labs.overthewire.org -p 2220
7x16WNeHIi5YkIhWsfFIqoognUTyj9Q4

1️⃣ Create a temporary file (most common)

Example:

tmpfile=$(mktemp)
echo "Hello world" > "$tmpfile"
cat "$tmpfile"

Example output filename:

/tmp/tmp.xY8aP3kL

✅ File is:

  • unique
  • securely created
  • writable by the current user

2️⃣ Create a temporary directory

tmpdir=$(mktemp -d)
echo " Temp directory created at: $tmpdir"

Example:

/tmp/tmp.R4gQeM2s

3️⃣ Use a filename template

You control part of the name using XXXXXX (⚠️ at least 3 Xs required, usually 6).

mktemp myfile.XXXXXX

4️⃣ Temporary file with extension

mktemp /tmp/data.XXXXXX.txt

5️⃣ Safe temporary file in a script (best practice)

tmpfile=$(mktemp) || exit 1

trap 'rm -f "$tmpfile"' EXIT

echo "Processing data..." > "$tmpfile"

6️⃣ Temporary directory inside a script

tmpdir=$(mktemp -d) || exit 1

trap 'rm -rf "$tmpdir"' EXIT

cp file1 file2 "$tmpdir/"

7️⃣ Specify temp location explicitly

mktemp --tmpdir=/var/tmp myprog.XXXXXX

or

mktemp -p /var/tmp myprog.XXXXXX

8️⃣ What NOT to do (important!)

❌ Unsafe

tmp=/tmp/myfile
echo "data" > "$tmp"

A fixed, predictable filename in a shared directory like /tmp can cause:

  • race conditions
  • security vulnerabilities

✅ Safe

tmp=$(mktemp)

✅ Quick one-line examples

mktemp
mktemp -d
mktemp /tmp/test.XXXXXX
mktemp /tmp/test.XXXXXX.log

✅ When you’ll see this in real life

  • Shell scripts
  • Installers
  • System utilities
  • Security‑safe scripting
  • Bandit / CTF levels

  1. Create a safe working directory
  2. Convert the hexdump back to binary
  3. Repeatedly identify the file type
  4. Decompress / extract layer by layer
  5. Read the final file to get the password

Commands:

1️⃣ Create a temporary working directory (safe & clean)

bandit12@bandit:~$ tmpdir=$(mktemp -d)

bandit12@bandit:~$ echo $tmpdir
/tmp/tmp.alWbhHwbus

2️⃣ Copy the data file into the temp directory

cp data.txt $tmpdir

cd $tmpdir

bandit12@bandit:/tmp/tmp.alWbhHwbus$ ls
data.txt

3️⃣ Convert the hexdump back into a binary file

The file is a hexadecimal dump, so we convert it using xxd.

xxd -r data.txt > data.bin

bandit12@bandit:/tmp/tmp.alWbhHwbus$ xxd -r data.txt>data.bin

bandit12@bandit:/tmp/tmp.alWbhHwbus$ ls -las

total 10416
    4 drwx------ 2 bandit12 bandit12     4096 Mar 30 20:13 .
10404 drwxrwx-wt 1 root     root     10641408 Mar 30 20:13 ..
    4 -rw-rw-r-- 1 bandit12 bandit12      597 Mar 30 20:13 data.bin
    4 -rw-r----- 1 bandit12 bandit12     2573 Mar 30 20:10 data.txt

4️⃣ Identify the file type

Always use file before guessing.

file data.bin

👉 This tells you which command to use next. Example output:

data.bin: gzip compressed data

5️⃣ Decompress / extract repeatedly

This is the core of the level. Below is the exact pattern you will repeat:

  1. Run file
  2. Rename the file with the correct extension
  3. Decompress or extract
  4. Repeat

mv data.bin data.gz

gzip -d data.gz

bandit12@bandit:/tmp/tmp.alWbhHwbus$ gzip  -d data.gz

bandit12@bandit:/tmp/tmp.alWbhHwbus$ ls -las

total 10416
    4 drwx------ 2 bandit12 bandit12     4096 Mar 30 20:19 .
10404 drwxrwx-wt 1 root     root     10641408 Mar 30 20:19 ..
    4 -rw-rw-r-- 1 bandit12 bandit12      564 Mar 30 20:13 data
    4 -rw-r----- 1 bandit12 bandit12     2573 Mar 30 20:10 data.txt

bzip2 layer

file data
mv data data.bz2
bzip2 -d data.bz2

# when file reports gzip compressed data (the decompressed file is named data)
mv data data.gz
gzip -d data.gz

# when file reports a tar archive
mv data data.tar
tar -xf data.tar

bandit12@bandit:/tmp/tmp.uArXRXtTam$ mv data8.bin data.gz

bandit12@bandit:/tmp/tmp.uArXRXtTam$ ls
data.gz  data.tar  data.txt

bandit12@bandit:/tmp/tmp.uArXRXtTam$ gzip -d data.gz

bandit12@bandit:/tmp/tmp.uArXRXtTam$ ls
data  data.tar  data.txt

bandit12@bandit:/tmp/tmp.uArXRXtTam$ file data
data: ASCII text

bandit12@bandit:/tmp/tmp.uArXRXtTam$ cat data
The password is FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn
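
The file-then-decompress loop walked through above, scripted as an added example (not code from the original post). The function names peel and make_sample and the sample payload are this example's own; it assumes xxd, file, gzip, bzip2 and tar are installed.

```sh
#!/bin/sh
# Added example (not from the original post). Usage: sh peel.sh data.txt
# Needs xxd, file, gzip, bzip2 and tar, the same tools the level lists.

# peel HEXDUMP: reverse the hexdump, then strip layers until `file` no longer
# reports gzip, bzip2 or tar. The innermost payload goes to stdout.
peel() {
    work=$(mktemp -d) || return 1
    xxd -r "$1" > "$work/layer" || { rm -rf "$work"; return 1; }
    n=0
    while [ "$n" -lt 32 ]; do   # layer cap: stop on absurdly deep nesting
        kind=$(file -b "$work/layer")
        # Streaming to stdout avoids the mv-to-add-a-suffix step, and
        # tar -O never writes archive-supplied file names to disk.
        case $kind in
            gzip\ compressed*)  gzip  -dc < "$work/layer" > "$work/next" ;;
            bzip2\ compressed*) bzip2 -dc < "$work/layer" > "$work/next" ;;
            *tar\ archive*)     tar -xOf "$work/layer" > "$work/next" ;;
            *) break ;;
        esac || { rm -rf "$work"; return 1; }
        mv "$work/next" "$work/layer"
        n=$((n + 1))
        echo "layer $n: $kind" >&2
    done
    if [ "$n" -ge 32 ]; then rm -rf "$work"; return 1; fi
    cat "$work/layer"
    rm -rf "$work"
}

# make_sample OUT: write a constructed hexdump (text -> gzip -> tar -> bzip2
# -> gzip -> xxd) so the loop can be tried without the real data.txt.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' | gzip -c > "$d/inner"
    tar -C "$d" -cf "$d/inner.tar" inner
    bzip2 -c "$d/inner.tar" | gzip -c | xxd > "$1"
    rm -rf "$d"
}

# Only act when given exactly one hexdump file as argument.
if [ "$#" -eq 1 ]; then peel "$1"; fi
```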
This post is licensed under CC BY 4.0 by the author.