OverTheWire Bandit: Level 6 to Level 7

The Goal

Find a file stored somewhere on the entire server with these properties:

  • Owned by user bandit7
  • Owned by group bandit6
  • 33 bytes in size

What I Did

I knew the filters from the previous level — -user, -group, -size. I started searching from /home since that’s where all the bandit users live:

bandit6@bandit:/home$ find -user bandit7 -group bandit6 -size 33c

Nothing. Just Permission denied errors. I tried adding and removing filters, combining them differently — same result every time. The filters were correct but I wasn’t finding anything.

The issue took me a while to realise: I was searching from /home thinking that covered the whole system. It doesn’t. /home is just one directory. The file could be anywhere on the server.

I switched to / to search from the root of the entire filesystem:

bandit6@bandit:/home$ find / -user bandit7 -size 33c -group bandit6

Now results appeared — buried inside hundreds of Permission denied errors. I could see the answer in there:

/var/lib/dpkg/info/bandit7.password

But the output was too messy to work with cleanly. I added 2>/dev/null to silence the errors:

bandit6@bandit:/home$ find / -user bandit7 -size 33c -group bandit6 2>/dev/null
/var/lib/dpkg/info/bandit7.password

One clean result. Read it:

bandit6@bandit:/var/lib/dpkg/info$ cat bandit7.password

That printed the password.

What Was Actually Happening

The wrong starting directory was the core mistake. When you run find without a path it searches the current directory. I was in /home, so all my correct filters were searching in the wrong place. The file was at /var/lib/dpkg/info/bandit7.password — completely outside /home. Switching to / searches the entire filesystem from the root down.

The Permission denied errors are stderr — the error output stream. Every command has three streams:

  • stdin (0) — input coming in
  • stdout (1) — normal output going out
  • stderr (2) — error messages going out

By default both stdout and stderr print to the terminal mixed together. The actual result — the file path — went to stdout. The Permission denied lines went to stderr. 2>/dev/null redirects stream 2 (stderr) to /dev/null — a special file that silently discards everything written to it. Errors disappear. Only the real result remains.
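Both effects described above, reproduced in a throwaway sandbox as an added example (not part of the original walkthrough). The directory layout, the file names and the nonexistent start path that stands in for the Permission denied errors are constructed, and the current uid and gid take the place of bandit7 and bandit6.

```shell
#!/bin/sh
# Added example: a constructed sandbox, not the Bandit server.

make_sandbox() {
    # home/ is the wrong place to look; the 33-byte target lives under var/lib/.
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/home/user" "$sb/var/lib"
    printf '%033d' 0 > "$sb/var/lib/target"   # exactly 33 bytes, no newline
    printf '%034d' 0 > "$sb/var/lib/decoy"    # 34 bytes: rejected by -size 33c
    printf 'decoy\n' > "$sb/home/user/notes"  # 6 bytes
    printf '%s\n' "$sb"
}

search() {
    # $1 = sandbox root, $2 = directory to start from.
    # Assumption: the current uid/gid stand in for bandit7/bandit6.
    # "$1/no-such-dir" does not exist, so find reports it on stderr; that
    # stands in for "Permission denied" and also fires when run as root.
    find "$2" "$1/no-such-dir" -type f \
        -user "$(id -u)" -group "$(id -g)" -size 33c
}

# find exits non-zero whenever a path errored, even if it printed a match,
# so the wrappers ignore the status and look only at the streams.
results_only() { search "$1" "$2" 2>/dev/null || :; }

# Order matters: 2>&1 points stderr at the current stdout first, then
# >/dev/null discards stdout, so only the error text survives.
errors_only() { search "$1" "$2" 2>&1 >/dev/null || :; }

demo() {
    sb=$(make_sandbox) || return 1
    echo "start at home/ : [$(results_only "$sb" "$sb/home")]"
    echo "start at root  : [$(results_only "$sb" "$sb")]"
    echo "stderr only    : [$(errors_only "$sb" "$sb")]"
    rm -rf "$sb"
}
demo
```

Starting at home/ prints an empty result even though the filters are correct, and the stderr-only line shows that the error text never travels on stdout.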

Other Ways to Handle the Output

Discard errors, send results to a file:

find / -user bandit7 -group bandit6 -size 33c 1>results.txt 2>/dev/null

Send both to separate files:

find / -user bandit7 -group bandit6 -size 33c 1>results.txt 2>errors.txt

Merge both streams, then filter out the errors:

find / -user bandit7 -group bandit6 -size 33c 2>&1 | grep -v "Permission denied"

2>&1 merges stderr into stdout, then grep -v filters out lines containing “Permission denied”.

What I Learned

Always check where you’re searching from. find without a path searches only the current directory and everything below it. If the file could be anywhere on the system, start from /.

/dev/null is a discard bin. Anything redirected there disappears permanently and silently. It’s the standard way to suppress output you don’t care about.

stderr and stdout are separate streams. The number matters — 2> redirects errors specifically. 1> redirects normal output. Understanding the difference lets you filter exactly what you want to see.

Commands Used

| Command | What it did |
|---|---|
| find -user bandit7 -group bandit6 -size 33c | Correct filters, wrong directory — searched /home only |
| find / -user bandit7 -size 33c -group bandit6 | Searched whole system — found the file but noisy output |
| find / -user bandit7 -size 33c -group bandit6 2>/dev/null | Clean result — errors silenced |
| cat bandit7.password | Read the password |

This post is licensed under CC BY 4.0 by the author.