Post

OverTheWire Bandit: Level 4 to Level 5

OverTheWire Bandit: Level 4 to Level 5

The Goal

The password is stored in the only human-readable file inside the inhere directory. There are ten files. I need to find which one is readable without opening each one manually.

What I Did

Navigated into inhere and listed the files:

1
2
3
bandit4@bandit:~$ cd inhere
bandit4@bandit:~/inhere$ ls
-file00  -file01  -file02  -file03  -file04  -file05  -file06  -file07  -file08  -file09

Ten files all starting with -. I knew I needed the file command to check what type each one was without opening them. My first attempt:

1
2
bandit4@bandit:~/inhere$ file *
file: Cannot open `ile00' (No such file or directory)

That failed in an interesting way. The shell expanded * into -file00 -file01 -file02... and file saw -file00 as a flag. It consumed -f as a flag character and was left trying to open ile00 — which doesn’t exist. The -f disappeared because the command interpreted it as an option.

I tried quoting the wildcard:

1
2
bandit4@bandit:~/inhere$ file "*"
*: cannot open `*' (No such file or directory)

That didn’t expand at all — quotes prevented the shell from treating * as a wildcard so it looked for a literal file called *.

Same fix as the dashed filename levels — prefix with ./:

1
2
3
4
5
6
7
8
9
10
11
bandit4@bandit:~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: OpenPGP Secret Key
./-file03: data
./-file04: data
./-file05: data
./-file06: Non-ISO extended-ASCII text, with NEL line terminators
./-file07: ASCII text
./-file08: data
./-file09: data

-file07 is the only one showing ASCII text — that’s the human-readable one. Everything else is binary data or other formats.

1
bandit4@bandit:~/inhere$ cat ./-file07

That printed the password.

I also tried cat ./--file07 by mistake — double dash didn’t work. The filename only has one dash.

What Was Actually Happening

file identifies file types without opening them. It reads the first few bytes of a file — called the magic bytes — and matches them against a database of known file signatures. ASCII text means the file contains readable characters. data means binary content — not human readable.

* wildcard expansion happens before the command runs. The shell replaces * with all matching filenames first, then passes the result to the command. So file * becomes file -file00 -file01... before file ever sees it. The command then misreads the leading dashes as flags.

./ fixes it again for the same reason as before — it turns bare names into explicit paths, so -file00 becomes ./-file00 and the command can’t mistake it for a flag.

What I Learned

file ./* is the pattern to use whenever you need to run a command on multiple files that start with -. The ./ prefix propagates to every filename the wildcard expands to.

Magic bytes identify file types — the file command doesn’t rely on extensions. A file called document.txt containing binary data would still be identified as data. Extensions are just hints for humans, not the OS.

Wildcards expand before execution — understanding when the shell processes something versus when the command processes it is important. The shell handles * expansion. The command never sees the * at all.

Commands Used

CommandWhat it did
lsListed the ten files in inhere
file *Failed — shell expanded to dashed names, misread as flags
file "*"Failed — quotes prevented wildcard expansion entirely
file ./*Worked — explicit paths prevented flag misinterpretation
cat ./-file07Read the only ASCII text file
This post is licensed under CC BY 4.0 by the author.