Post

OverTheWire Bandit: Level 17 to Level 18

OverTheWire Bandit: Level 17 to Level 18

The Goal

Two files in the home directory: passwords.old and passwords.new. Both contain hundreds of lines. One line has changed between them. Find the changed line in passwords.new — that’s the password.

What I Did

Listed the directory and saw both files. Opened both with cat to understand the structure — both had roughly 100 lines of what looked like passwords.

Tried a few wrong approaches with diff before finding the right syntax:

1
2
3
4
5
6
7
8
diff ! %= passwords.old passwords.new
# bash: extra operand error — ! and %= are shell history characters, not flags

diff passwords.old passwords.new %= 1>ot.txt
# Permission denied — can't write to home directory, and %=  doesn't exist

diff -normal passwords.old passwords.new
# invalid option — single dash is for single-character flags only

Finally used the correct syntax:

1
2
3
4
5
diff --normal passwords.old passwords.new
42c42
< icUh23IUytZLIYhcCaXL18agiSIqymBc
---
> OQxXZjELndr90zuhOTDYBEomI0SZITXI

The < line is what’s in passwords.old. The > line is what’s in passwords.new. OQxXZjELndr90zuhOTDYBEomI0SZITXI is the password.

What diff Does

diff compares two files line by line and outputs only the differences. It’s designed for exactly this — finding what changed between two versions of a file.

The output format:

1
2
3
4
42c42
< old line
---
> new line
  • 42c42 — line 42 in file 1 was changed to line 42 in file 2
  • < — line from the first file (passwords.old)
  • > — line from the second file (passwords.new)
  • --- — separator between the two versions

Other markers you’ll see in diff output:

MarkerMeaning
<Line only in file 1
>Line only in file 2
cLine changed between files
aLine added in file 2
dLine deleted from file 1

Better Ways to Do It

The cleanest approach — pipe diff into grep to extract just the new line:

1
2
diff passwords.old passwords.new | grep "^>"
> OQxXZjELndr90zuhOTDYBEomI0SZITXI

^> means “lines starting with >” — which is exactly the lines from passwords.new that differ. This gives just the password without the line numbers or separators.

--normal flag is also redundant — the default diff output is already normal format:

1
diff passwords.old passwords.new

Produces the same result.

What I Learned

diff is for comparing files. Essential for version control, patch management, and config auditing in security work. When you need to know what changed between two versions of a file, diff is the tool.

Single dash vs double dash for flags. -n would be a single-character flag. --normal is a full-word flag. Using -normal tries to parse -n, -o, -r, -m, -a, -l as separate single-character flags — which fails because most of them aren’t valid options for diff.

^> in grep matches lines starting with >. The ^ anchors the match to the start of the line. Without it, grep ">" would also match lines containing > anywhere — like HTML or redirect symbols in a file.

Commands Used

CommandWhat it did
diff --normal passwords.old passwords.newShowed the one changed line between the two files
diff passwords.old passwords.new \| grep "^>"Cleaner version — outputs just the new line
This post is licensed under CC BY 4.0 by the author.