Bandit Level 4 to 5: Finding Human-Readable Text in a Data Maze
Using the 'file' command to distinguish ASCII text from binary data and locate the password file.
Introduction
In the last level, we learned to find files that were intentionally hidden from view. Now, in Bandit Level 4 to 5, the challenge is different. The password file isn’t hidden, but it’s lost in a crowd of other files that are unreadable to humans.
This level teaches us a critical skill: how to programmatically identify the type of data a file contains, allowing us to quickly find the needle in the haystack.
The Challenge: Level 4 Goal
The official goal on the OverTheWire website states:
The password for the next level is stored in the only human-readable file in the inhere directory.
The key phrase here is “human-readable.” We need a tool that can tell us which file is plain text and which ones are binary data.
Step-by-Step Walkthrough
Let’s dive in and analyze these files.
Step 1: Log into bandit4
Use the password you found in the .hidden file from the previous level to SSH into bandit4.
ssh bandit4@bandit.labs.overthewire.org -p 2220
Step 2: Investigate the inhere Directory
First, cd into the inhere directory as instructed.
cd inhere
Now, list its contents.
ls
You’ll see a list of ten files, all with similar names.
-file00 -file02 -file04 -file06 -file08
-file01 -file03 -file05 -file07 -file09
Step 3: The Problem of Trial and Error
You could try to cat each file one by one, but you’ll quickly run into a problem. Most of the files contain binary data, and trying to print them to your terminal will result in a mess of garbled characters and might even cause your terminal to behave strangely.
cat ./-file00
# ^<83>^C^C^@^B^@^ ... (gibberish output)
We need a smarter approach.
Step 4: The Solution - The file Command
The perfect tool for this job is the file command. It examines a file’s contents and tells you what type of file it is. We can use a wildcard (*) to run the command on all the files in the directory at once.
file ./*
This command will produce a clean, informative list.
-file00: data
-file01: data
-file02: data
-file03: data
-file04: data
-file05: data
-file06: data
-file07: ASCII text
-file08: data
-file09: data
The output clearly shows that -file07 is “ASCII text,” which is the human-readable file we’re looking for!
Step 5: Retrieve the Password
Now that we have identified the correct file, we can safely use cat to read its contents. Since the filename starts with a hyphen, use the ./ prefix so that cat treats it as a path rather than as a command-line option.
cat ./-file07
This will print the password for bandit5.
# yours might be different
4oQYVPkxZOOEOO5pTW81FB8j8lxXGUQw
Key Concepts Learned
- File Content Analysis: We learned that you cannot rely on filenames or extensions to know what a file contains. The file command inspects the actual data to make a determination.
- ASCII vs. Binary Data: This level provides a practical example of the difference between human-readable text (ASCII) and machine-readable data (binary).
- Shell Wildcards (*): The asterisk is a powerful tool for applying a command to multiple files at once, saving significant time and effort.
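A scripted version of the Step 4 check, as an added example that is not part of the original walkthrough: instead of reading the output of file by eye, it asks file for each file's encoding and prints only the paths that are not binary. The function names, the constructed sample files, and the fallback byte check (used only when file is not installed) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original walkthrough.
# list_text_files DIR: print the path of every regular, non-empty file in DIR
# whose content is text rather than binary data.
list_text_files() {
    dir=$1
    # "$dir"/* yields paths such as dir/-file07, so a leading hyphen in the
    # filename is never mistaken for a command-line option.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue   # skip directories and an unexpanded glob
        [ -s "$f" ] || continue   # an empty file has nothing to read
        if command -v file >/dev/null 2>&1; then
            # -b omits the filename; --mime-encoding prints "binary" for
            # data and a charset name (us-ascii, utf-8, ...) for text.
            enc=$(file -b --mime-encoding "$f")
            if [ "$enc" != "binary" ]; then
                printf '%s\n' "$f"
            fi
        else
            # Fallback (assumption: strict ASCII check, simpler than the
            # heuristics in file): count the bytes left after removing
            # tab, LF, CR and the printable range 0x20-0x7E.
            odd=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$f" | wc -c)
            if [ "$((odd))" -eq 0 ]; then
                printf '%s\n' "$f"
            fi
        fi
    done
    return 0
}

# Constructed sample data that mimics the level: two files of binary bytes
# and one line of text, all with hyphen-prefixed names.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '\000\203\003\003\000\002\000\377' > "$d/-file00"
    printf 'constructed-sample-secret\n' > "$d/-file01"
    printf '\001\002\000\200\000\376\000' > "$d/-file02"
    printf '%s\n' "$d"
}
```

On the level itself, calling list_text_files inhere from the home directory would print the one path that file reports as text.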
Conclusion
You’ve successfully sifted through a directory of miscellaneous data to find the one piece of useful information. The file command is an indispensable utility in cybersecurity and system administration for quickly understanding the contents of a filesystem.
Save the password and get ready for Level 5!