← Bandit Solutions

Level 12 → Level 13 Walkthrough

Level 12 → Level 13

Completed

📋 Level Information

Host: bandit.labs.overthewire .org
Port: 2220
Username: bandit12
Password: 5Te8Y4drgCRfCx8ugdwu EX8KFC6k2EUu

🎯 Level Goal

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed.

Challenge: You need to reverse the hexdump and then decompress the file multiple times using different compression algorithms.

🔧 Solution Steps

Step 1: Connect to Bandit12

Use the password from Level 11 to log in:

ssh bandit12@bandit.labs.overthewire.org -p 2220

Password: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Step 2: Check the data.txt File

First, let's see what we're dealing with:

file data.txt
head data.txt

You'll see it's an ASCII text file containing a hexdump.

Step 3: Create a Working Directory

Create a temporary directory to work in:

mkdir /tmp/mydir
cd /tmp/mydir
cp ~/data.txt .

Step 4: Reverse the Hexdump

Use xxd to convert the hexdump back to binary:

xxd -r data.txt > data

This creates a binary file called "data".

Step 5: Identify the File Type

Check what type of file we have now:

file data

It will show something like: data: gzip compressed data

Step 6: Begin Decompression Loop

We'll repeatedly decompress the file until we get the password:

# First decompression - gzip
mv data data.gz
gzip -d data.gz
file data

# Second decompression - bzip2
mv data data.bz2
bzip2 -d data.bz2
file data

# Third decompression - gzip again
mv data data.gz
gzip -d data.gz
file data

# Fourth decompression - tar archive
mv data data.tar
tar -xf data.tar
file data5.bin

# Continue this pattern until you get an ASCII text file

Step 7: Complete Decompression Sequence

Here's the complete sequence of decompression steps:

xxd -r data.txt > data
file data                                # gzip
mv data data.gz
gzip -d data.gz
file data                               # bzip2  
mv data data.bz2
bzip2 -d data.bz2
file data                               # gzip
mv data data.gz
gzip -d data.gz
file data                               # tar
mv data data.tar
tar -xf data.tar
file data5.bin                          # tar
mv data5.bin data5.tar
tar -xf data5.tar
file data6.bin                          # bzip2
mv data6.bin data6.bz2
bzip2 -d data6.bz2
file data6                              # tar
mv data6 data6.tar
tar -xf data6.tar
file data8.bin                          # gzip
mv data8.bin data8.gz
gzip -d data8.gz
file data8                              # ASCII text!

Step 8: Get the Password

Read the final decompressed file:

cat data8

The file contains the password for Level 13:

8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

🔄 Alternative Methods

Method 2: Automated Script

Create a script to automate the decompression:

#!/bin/bash
cp ~/data.txt /tmp/work/
cd /tmp/work/
xxd -r data.txt > data

while true; do
    filetype=$(file data | cut -d' ' -f2)
    case $filetype in
        gzip)
            mv data data.gz
            gzip -d data.gz
            ;;
        bzip2)
            mv data data.bz2
            bzip2 -d data.bz2
            ;;
        tar)
            mv data data.tar
            tar -xf data.tar
            rm data.tar
            # There might be multiple files, find the right one
            datafile=$(ls | grep -v data.txt)
            mv "$datafile" data
            ;;
        ASCII)
            echo "Found the password:"
            cat data
            break
            ;;
        *)
            echo "Unknown file type: $filetype"
            break
            ;;
    esac
done

Method 3: Manual file command with appropriate decompression

Just keep checking file type and decompressing accordingly:

file data
# Based on output, use appropriate command:
# gzip compressed: gzip -d (or gunzip)
# bzip2 compressed: bzip2 -d (or bunzip2)  
# tar archive: tar -xf
# Once you get ASCII text, you're done!

💡 Explanation

This level teaches file compression formats and how to work with hexdumps.

Hexdump and xxd:

  • Hexdump - A hexadecimal representation of binary data
  • xxd - Creates hexdump from binary or reverses hexdump to binary
  • xxd -r - Reverse mode (hexdump → binary)
  • Useful for transferring binary files as text

Compression Formats Used:

  • gzip - .gz files, use gzip -d or gunzip
  • bzip2 - .bz2 files, use bzip2 -d or bunzip2
  • tar - Tape archive, use tar -xf to extract

file Command:

  • Determines file type by checking "magic numbers"
  • Essential for knowing how to decompress unknown files
  • Works even without file extensions

Why Multiple Compressions:

  • Teaches recognition of different compression formats
  • Shows that files can be compressed multiple times
  • Demonstrates the importance of checking file types

⚠️ Common Mistakes

  • Wrong xxd usage: Forgetting -r flag (creates hexdump instead of reversing)
  • Missing file extensions: Not renaming files before decompression
  • Wrong decompression tool: Using gzip on bzip2 files or vice versa
  • Not checking file type: Assuming the compression format
  • Permission issues: Not using /tmp directory for writing files

💡 Pro Tips

  • Always use /tmp directory for creating files
  • Use file command after each decompression step
  • Create a script to automate repetitive decompression
  • You can use strings on binary files to look for text
  • Keep track of the sequence - it's the same for everyone
  • Use tab completion for file names to avoid typos
← Previous Level Next Level →