Since we already logged in to the targeted machine in Bandit 0, we are required to get the password “flag” for this Bandit. However, before we know how to get the flag, we must identify the given information for this machine, as shown below: The password files are stored in a file called readme, which is located in the home directory.
Before we try to look for this file, we have to discuss the learning outcome for this machine, which is learning specific commands like:
- ls
- cat
Viewing Lists
The ls command [short for list] displays the contents of the current working directory, which includes files and directories, as shown below. Furthermore, it is like browsing files using File Explorer or Finder through the graphical interface [GUI]. In addition, the ls command has some flags or signs [sometimes called options], which are additional information that changes how files or directories are displayed on the terminal. Moreover, the ls command has many flags, sometimes called options, such as ls -l, ls -la, ls -lh, ls -R, and much more; every single one of these flags displays certain information that changes the way files or directories are displayed on the terminal.
Viewing Detailed Lists
ls -l is a command to display the contents of the current directory or path in the form of a table that contains accurate information such as the permissions granted to each file and directory, the number of links, the user owner of the file, and directory, the owner group, the size of the content [in bytes], the time and date of last modification, and the name of the file and directory as well, as shown in below. However, it has a defect: it does not display hidden files and directories.
Viewing File Contents
We use the cat command to view specific file contents in Linux. This command is utilized to view and display the contents on the terminal without opening the file. However, the cat command comes in the following syntax form:
e@e:~$ cat [OPTION] [FILES(s)]
The OPTION represents many unique options as it displays data with a specific structure according to the option written in the command, as shown in the table below. Furthermore, the image below shows the contents of a file called [textfile] using the command:
e@e:~$ cat textfile
| Option | Purpose |
| -r | Displays line numbers before each line of the output. |
| -E | Displays a “$” symbol at the end of each line of the output. |
| -T | Displays “^I” for each tab character in the output. |
Giving Information
- Flag location: Home directory
- File name: readme
Since the file is located in the home directory, there’s no need to navigate the file system. After accessing the machine, we’ll already be in the home directory, as confirmed by running the following command:
bandit0@bandit:~$ pwd
Finding The Flag
The output confirms our location in the file system, showing that we are indeed in the home directory. Therefore, for this challenge, we don’t need to navigate the file system.
Next, let’s list all the files in the current directory using the following command:
bandit0@bandit:~$ ls
The system will output all the files in the current directory, revealing the presence of the readme file containing the password “flag” for the next machine.
To view the file content, we’ll use the cat command:
bandit0@bandit:~$ cat readme
As shown, we successfully retrieve the flag for the next machine. The next step is to copy this flag and store it in a separate file for future use when SSHing into the next machine.
We have successfully accessed the Bandit 1 machine and extracting the required information and are now prepared to advance further in our quest to conquer the challenges ahead! To embark on the next phase of our journey and explore the next walkthrough, click here.