OverTheWire Bandit: Level 17 to Level 18
The Goal
Two files in the home directory: passwords.old and passwords.new. Both contain hundreds of lines. One line has changed between them. Find the changed line in passwords.new — that’s the password.
What I Did
Listed the directory and saw both files. Opened both with cat to understand the structure — both had roughly 100 lines of what looked like passwords.
Tried a few wrong approaches with diff before finding the right syntax:
1
2
3
4
5
6
7
8
diff ! %= passwords.old passwords.new
# bash: extra operand error — ! and %= are shell history characters, not flags
diff passwords.old passwords.new %= 1>ot.txt
# Permission denied — can't write to home directory, and %= doesn't exist
diff -normal passwords.old passwords.new
# invalid option — single dash is for single-character flags only
Finally used the correct syntax:
1
2
3
4
5
diff --normal passwords.old passwords.new
42c42
< icUh23IUytZLIYhcCaXL18agiSIqymBc
---
> OQxXZjELndr90zuhOTDYBEomI0SZITXI
The < line is what’s in passwords.old. The > line is what’s in passwords.new. OQxXZjELndr90zuhOTDYBEomI0SZITXI is the password.
What diff Does
diff compares two files line by line and outputs only the differences. It’s designed for exactly this — finding what changed between two versions of a file.
The output format:
1
2
3
4
42c42
< old line
---
> new line
42c42— line 42 in file 1 was changed to line 42 in file 2<— line from the first file (passwords.old)>— line from the second file (passwords.new)---— separator between the two versions
Other markers you’ll see in diff output:
| Marker | Meaning |
|---|---|
< | Line only in file 1 |
> | Line only in file 2 |
c | Line changed between files |
a | Line added in file 2 |
d | Line deleted from file 1 |
Better Ways to Do It
The cleanest approach — pipe diff into grep to extract just the new line:
1
2
diff passwords.old passwords.new | grep "^>"
> OQxXZjELndr90zuhOTDYBEomI0SZITXI
^> means “lines starting with >” — which is exactly the lines from passwords.new that differ. This gives just the password without the line numbers or separators.
--normal flag is also redundant — the default diff output is already normal format:
1
diff passwords.old passwords.new
Produces the same result.
What I Learned
diff is for comparing files. Essential for version control, patch management, and config auditing in security work. When you need to know what changed between two versions of a file, diff is the tool.
Single dash vs double dash for flags. -n would be a single-character flag. --normal is a full-word flag. Using -normal tries to parse -n, -o, -r, -m, -a, -l as separate single-character flags — which fails because most of them aren’t valid options for diff.
^> in grep matches lines starting with >. The ^ anchors the match to the start of the line. Without it, grep ">" would also match lines containing > anywhere — like HTML or redirect symbols in a file.
Commands Used
| Command | What it did |
|---|---|
diff --normal passwords.old passwords.new | Showed the one changed line between the two files |
diff passwords.old passwords.new \| grep "^>" | Cleaner version — outputs just the new line |