← Bandit Solutions

Level 10 → Level 11 Walkthrough

Level 10 → Level 11

Completed

📋 Level Information

Host: bandit.labs.overthewire .org
Port: 2220
Username: bandit10
Password: G7w8LIi6J3kTb8A7j9Lgr ywtEUlyyp6s

🎯 Level Goal

The password for the next level is stored in the file data.txt, which contains base64 encoded data.

Challenge: You need to decode the base64 encoded content to reveal the password.

🔧 Solution Steps

Step 1: Connect to Bandit10

Use the password from Level 9 to log in:

ssh bandit10@bandit.labs.overthewire.org -p 2220

Password: G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s

Step 2: Check the data.txt File

First, let's see what's in the file:

cat data.txt

You'll see base64 encoded data that looks something like this:

VGhlIHBhc3N3b3JkIGlzIElGeWtQdEtTUjRlSTB2Ymc0T2dSWjlBZ2N0ZytYWk1nMQ==

Step 3: Decode the Base64 Data

Use the base64 command with the -d flag to decode:

base64 -d data.txt

Step 4: Get the Password

The decoded output will reveal the password for Level 11:

The password is 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM

The password for Level 11 is: 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM

🔄 Alternative Methods

Method 2: Using cat with base64

You can also pipe the file content to base64:

cat data.txt | base64 -d

Method 3: Using Python

If base64 command is not available, use Python:

python3 -c "import base64; print(base64.b64decode(open('data.txt').read().strip()).decode())"

Method 4: Online decoding (for practice)

For learning purposes, you can use online base64 decoders, but never use them for real passwords!

# Copy the base64 string and paste into an online decoder
# This is only for educational purposes!

💡 Explanation

This level introduces base64 encoding and decoding, a common data encoding scheme.

What is Base64?

  • Base64 - A binary-to-text encoding scheme
  • Converts binary data into ASCII text format
  • Uses 64 different characters (A-Z, a-z, 0-9, +, /) and = for padding
  • Commonly used for email attachments, data URLs, and storing binary data in text formats

base64 Command Options:

  • base64 -d or base64 --decode - Decodes base64 data
  • base64 (without -d) - Encodes data to base64
  • -w 0 - Disable line wrapping (useful for encoding)
  • -i - Ignore non-alphabet characters

Why Use Base64 Encoding?

  • Makes binary data safe for text-based systems
  • Prevents data corruption during transmission
  • Allows embedding binary data in XML, JSON, etc.
  • Used in HTTP Basic Authentication

⚠️ Common Mistakes

  • Forgetting the -d flag: Using base64 without -d will encode instead of decode
  • Wrong command order: Putting the flag after the filename
  • Missing file: Not being in the correct directory
  • Extra spaces: Accidentally adding spaces when copying commands

💡 Pro Tips

  • You can encode text to base64: echo "hello" | base64
  • Use base64 -d <<< "encoded_string" to decode a string directly
  • Combine with other commands: base64 -d data.txt | grep password
  • Remember that base64 encoded data always has length divisible by 4 (with padding)
  • You can recognize base64 by the character set and frequent = padding at the end

🌍 Real-World Applications

Base64 encoding is commonly used for:

  • Email attachments - MIME encoding for binary files
  • Data URLs - Embedding images in HTML/CSS
  • API authentication - HTTP Basic Auth encodes credentials in base64
  • Storing binary data in JSON/XML - When text format requires binary data
  • Cryptography - Encoding keys and certificates
  • Web development - Data transfer between client and server

🔒 Security Note

Important: Base64 is NOT encryption! It's just encoding.

  • Base64 provides no security - it's easily reversible
  • Never use base64 to hide sensitive information
  • It's like writing something in a different alphabet, not locking it in a safe
  • For real security, use proper encryption like AES
← Previous Level Next Level →