# Solving Bandit 11 → 14 levels

Hey,

I’ve decided to solve all the bandit levels until the end of the year and to blog about it. It feels like that I have a lot of time but I’m also a bit worried, because I’m pretty sure that the further I go the harder it becomes and the more time I’ll need for a problem. Let’s give it a start.

Bandit Level 10 → 11

It says that our password is base64 encoded. The attached article of Wiki helped me to understand remotely what base64 stands for and the man page helped me to find out, that we need `-d` to decode. So I just did:

``cat data.txt | base64 -d``

Mission accomplished. There is the password for the next level.

Bandit Level 11 → 12

I guess we’re learning some encoding-decoding methods in this phase. This time all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions. The attached article is talking about Rot13. This is fun (I remembered how we used to “decode” our letters at school adding “b” or “g” to every syllable). I found this rot13 decoder online and I’m gonna use it now. And there is the decoded text with the password of the next level. Yey!

Bandit Level 12 → 13

At the first sight this one seems to be a harder one. What is hex dump? The article says that in a hex dump, each byte is represented as a two-digit hexadecimal number. And what is the difference between hexadecimal and decimal numeral systems? Unlike the standard system representing numbers using 10 symbols, hexadecimal uses 16 distinct symbols, most often the symbols “0”–”9″ to represent values 0 to 9, and “A”–”F” (or alternatively “a”–”f”) to represent values from 10 to 15. Oh, that’s why it’s also called base-16. OK, got it. The article also says that one of the common names for this program function is `xxd`. Let’s read the man page.

``xxd - make a hexdump or do the reverse.``

That’s exactly what we want to do here. The hardest part is that the file has been compressed repeatedly. The key word is repeatedly. I really thought twice or thrice but the reality was way different. On the man page of `xxd` I found this:

``````-r | -revert
Reverse  operation:  convert (or patch) hexdump into binary.``````

I decided to follow the advice and made a new directory in `/tmp`:

``mkdir /tmp/coffee123``

Now let’s try to move the decoded file to a new file named “data”. `Now let’s try to move the decoded file to a new file named “data”.

``xxd -r data.txt /tmp/coffee123/data``

`The rest of decoding is being done in our new temporary directory. We check the type of the file just made:

``````\$ file data
``````

The new file turns out to be a gzip compressed. We have to rename it:

``\$ mv data data.gz``

and now we can decompress it:

``\$ gzip -d data.gz``

After checking the type of the file, we see it’s bzip2 compressed. Now it feels like this has no end. So I found out a much easier way to decompress the file with line. Check this out:

``cat data.txt  | xxd -r - | zcat - | bzcat - | zcat - | tar -x -f - -O | tar -x -f - -O | bzcat - | tar -x -f - -O | zcat -``

And there is the password for the next level. I’m going to explain this line in details on my next blog, so stay tuned.

Bandit Level 13 → 14

Wow! Nice! For this level we have an SSH key. First of let’s go through the material and if needed, watch some videos to understand the concept thoroughly. What I learnt from all of these reading, I just need to use `-i` for using the private key to connect. So I just type:

``\$ ssh bandit14@localhost -p 2220 -i sshkey.private``

No password, not even needed, because I’m already on the next level. Anyway, we can find the password in `/etc/bandit_pass`.

I thought it’s supposed to be easier…

# and we keep scrolling

hey,

aliyev has started a new war in Artsakh, killing peaceful citizens, ruining cities, taking captive those who has not managed to run away. And I want to ask why?

I’m 28 years old and I have seen three wars already. And I want to ask why?

Antranig was trying to explain me that yes, sure, war sucks, he has seen more wars in his life and has lost more people than I have. And I want to ask why?

So I opened my laptop today and this is what I saw.

And I want to ask “why”?

And then I just scroll the feed, swallow news, swallow reality, swallow tears, and the only thing that I want to understand is “why?”.

There is nothing much to do right now, all my friends keep asking: what can we do, should we protest, should we fight, should we go and scream at their faces for not doing anything and I ask them “why?”.

After I told one of my friends that I am unable to work today because of the war he was like: “its hard to believe how many wars are there in the world, given the fact that most people don’t want war. I will never understand that…” Yep, me neither, so I am asking “why”?

I am talking to one of my colleagues living in India, I’m showing him what’s happening here, how we lost a whole country in less than 24 hours and he tells me about his country, how the same political sh*t is happening there and how he wants to leave the country to live in peace. And I am asking “why?”

I hear people screaming outside of my house, inviting everyone to join and protest. I don’t think they have a better alternative so I am just looking at them thinking “why?”.

The kids go to school, not even being properly dressed or fed because of the blockade. They want to study, they want to be a better citizens for the future of their country, they want to be the change they want to see. And they hear bombing in the middle of the lesson, can’t even go back to their parents. Why?

I am not saying Armenians are special, I’m not saying this is happening only with us. We are just one of those who are not protected. Who don’t have enough oil or gold or gas to close some eyes, and deafen some ears. We are not preferable. We do not deserve. Why?

The war sucks, the world sucks, my news feed sucks, all governments suck, and politics sucks.

And I am not leaving. I am staying. And do you know why? Just because that’s what you want for us. Staying in spite of you.

I thought it’s supposed to be easier…

# AI – a new way to hack the reality

Hey!

I haven’t been writing for a very long time (hanging my head in shame). Today I am going to talk about a very new but a very exciting topic.

In recent years, the field of artificial intelligence (AI) has made incredible strides, revolutionizing many aspects of our lives. One area where AI is increasingly being used is in the creation of digital art, including photos. Using sophisticated algorithms and machine learning techniques, AI can generate new images, enhance existing ones, and even manipulate photos in ways that were once impossible. As someone who is interested in both AI and photography, I decided to explore this fascinating intersection and try my hand at creating photos with AI. In this blog, I will share my experiences, insights, and tips for anyone who wants to delve into the world of AI-generated photos.

I was literally amazed seeing what a great community is there already on … Twitter. Kris is a New York based AI educator, she has also a YouTube channel, where she shows some tips and tricks how to create photos using AI. I have researched on Twitter for an hour, and she seems to be the spirit of AI photography community.

I tried to create my perfect spot right now and got this:

Photo is created with BingAI

For the first time, I think this is not that bad, huh? At least my imagination could do yoga on the beach! 😀

I also tried to use the same prompt for three different AI tools: Bing AI, Midjourney and NightCafe. The game is following: find 5 similarities:

Created with NightCafe

Prompt: Christmass mood, six little pinky and golden glass jars with ribbons visible unique numbers, from 1 to 24 near the window, Christmass tree, flowers

Created with Bing AI:
Prompt: Christmass mood, six little pinky and golden glass jars with ribbons visible unique numbers, from 1 to 24 near the window, Christmass tree, flowers

Created with Midjourney
Prompt: hristmass mood, six little pinky and golden glass jars with ribbons visible unique numbers, from 1 to 24 near the window, Christmass tree, flowers

It is really tricky to teach the AI to use different numbers, right now I am working on calendars, and have no idea how to make the AI to use unique numbers. And the most fun part is when you /imagine a Christmass mood, and Midjourney returns you this creepy old room.

Anyways, this is only a little quick start. I am gonna explore this world and hope to create the realities I really want to live in both online and offline!

I thought it’s supposed to be easier…

# about motivation and how to find it

Hey,

Well, today we had a little discussion on mastodon about getting motivated for work. I had no idea what motivates me until I was asked and eventually had to think about it 😀 And the things that came to my mind were:

1. “understanding what you are doing and why you are doing especially that”. Sometimes we get lost under the pile of tasks and can’t help getting disappointed. It takes a second to remember the reason why we chose that profession. OK, I’m fighting against scammers, I’m helping the people who might be victims one day, who might lose money or worse; private information.

2. “discussing cases with colleagues”.
Working from home has thousands of advantages. I feel much more comfy and I work much more efficiently when I’m alone in the room. But knowing that there are people who can help me or I can be helpful, we can just discuss this or that case, reminds me that I’m not alone and that’s relevant for me.

3. “listening to podcasts/watching videos of the people having the same profession”. This not only motivates you but educates you as well. You can learn about new tools, new methods, listen to their stories and feel yourself as a part of the community. And it’s awesome.

# The art of understanding the problem

Hey there,

These days I’m concentrating myself on improving my hacking skills, because I can’t afford this dream of mine to stay on my journals, some dreams have to come true. I read, I try to hack some servers (there is nothing illegal, mum), I blog about my solutions, I blog about the way I search the solutions, because I’m only a beginner in the field, not an expert – beginner.

I was too suspicious about my abilities. I always am. Sometimes I challenge myself in order to show the girl in the mirror that she can, sometimes I ask for an opinion from someone who knows me better than I know myself. I will never take up a task or a job out my ability scope. So, in order to avoid a situation like that I always update my knowledge about my skills.

The 5th of November should be marked on my calendar. Today I found out that I’ve finally learnt to understand the problem. As a beginner hacker I would always worry about the solution not even understanding the core problem or the task itself. Today, as I was doing one of the levels of OverTheWire-Bandit, I had no idea which command should be used, the only thing I knew was that the file contains a human-readable string.

What would a beginner do in this case? Of course, I googled how to find a human readable string in a file. And there was the solution:

``strings somebinaryfile | grep textuwanttofind``

Maybe you’ll think: “WTF, nothing serious, you haven’t discovered anything girl, you’ve just googled about it and copy-pasted the solution”. For me this is a relevant point on my learning path, because I finally googled the problem not the solution.

Before finding that link I read so many man pages of `strings` or `grep` and learnt some things I had no idea about. Anyway, I learnt the art of reading and understanding the problem. And didn’t worry about the solution.

So, if you are beginner, this can be a good tip for you: never worry about finding the password of this or that level. Maybe you will never be able to find the password, but the reading, the research that you do, the knowledge you gain, will help you to become the specialist you want to be. Try to understand the main problem of the task and don’t give up until you solve it.

thought it’s supposed to be easier…

# Today I solved Bandit 6 → 10 levels

Hey there,

I had so much fun solving bandit levels and blogging about it, so I decided to make it a habit and see if I can solve all the levels till the end of the year. Now, without further ado, we pick up from where we stopped last time.

Bandit Level 5 → 6

Our task is to find the file which is human-readable, 1033 bytes in size and is not executable. I assume, that the command, that will help us today is the `find`. So, I’m gonna see what is find for and what other options it has. I found `-executable`, which is probably one of the commands I need right now, but I’m still looking for the way to filter by its size and see if it’s human readable. Awesome, there is `-size` command and we should pay attention that for bytes we should use `c`. I found the directory named “inhere” which contains too many directories. In order to save time and not to check every directory I just stay in “inhere” and do:

``find -size 1033c``

It shows me the only file that is 1033 bytes: `/maybehere07/.file2`, so I cat the file. There is the password!

Bandit Level 6 → 7

This level seems to be harder at the first sight, because it’s the first time I should find a file owned by another user. It’s hard but not possible. Let’s dig in. In order to find a file owned by a user or a group I just type:

``find -user bandit7 -group bandit6``

and for the size, as we learnt from the previous level, we need `-size 33c`. No result. Let’s read the task again. The password is stored somewhere on the server. So we should look for it everywhere.

``find / -user bandit7 -group bandit6 -size 33c.``

Oh no, it shows all the errors as well. We don’t need them at all, so let’s redirect all of them in `/dev/null`.

``ind / -user bandit7 -group bandit6 -size 33c 2>/dev/null``

Success!! There is the file we were looking for. And it contains the password for the next level.

Bandit Level 7 → 8

The password is in the file named `data.txt` next to the word millionth. I guess I should find out how to find a word in a file. Here is the solution. So I just type:

``grep millionth data.txt``

This was such a child’s play.

Bandit Level 8 → 9

The password for the next level is stored in the file data.txt and is the only line of text that occurs only once. The key word is “occurs only once”, it seems kind of unique, right? What a pleasant coincidence, we have a command called uniq. On the man page of uniq I found this awesome option:

``````-u, --unique
only print unique lines``````

I see that `sort` command that can be used for the level. What does it stand for? The man page says:

``sort - sort lines of text files``

``cat data.txt | sort | uniq -u``

And there is our password. Another, more sufficient way would have been:

``sort data.txt | uniq -u``

Bandit Level 9 → 10

The password for the next level is stored in the file data.txt in one of the few human-readable strings, preceded by several `=` characters. I understand that my task is to find the human-readable string in a file. Here I found the most efficient and maybe the only way:

``strings data.txt | grep "= "``

For me these levels were easier than the previous ones. Maybe because I’ve already learnt the art of understanding the problem and reading every possible man or –help page.

I thought it’s supposed to be easier…

# Happy International Vegan day!

hey there,

It’s been almost three years I’m following vegan lifestyle and today I would like to talk about my experience, pros and cons of being a vegan in Armenia, a country where mostly all national dishes are, to put it mildly, non vegan-friendly.

Before saying bye-bye to meat and dairy products, I read hundreds of articles and watched thousands of videos. Most of them would say “it’s not a one day plan, no one can become vegan in a day, you should start with baby steps, become a vegetarian first, and then see the reaction of your body…”. For me it took like a second, there was kind of a click in my head. I was watching a ted talk about food marketing and meat production and I just said “I’m becoming a vegan”. I’ve not eaten meat or drunk non-plant-based milk from that moment.

I was living in Germany at that time and it didn’t feel like a huge step, it was normal there, I wasn’t seen like an alien. I could go to a supermarket and find the vegan section, buy soy milk produced a day before. A week after becoming a vegan I traveled to Amsterdam and I found a vegan-friendly store at every corner of the city: vegan cookies, vegan chocolate, vegan sausage? OMG, people!!! I was happy.

Then I moved back to Armenia. And here all the colors seemed gray and green was not even mentioned. Eat some dolma (meat wrapped in cabbage), here is some barbeque, enjoy the meat, your body needs protein… And I kind of was seen as someone following to fashion, someone who says she is vegan, because that’s a way to show off or pretend she is unique. Frankly, that hurt.

One day Antranig found a store, where I could buy soy milk, and that was one of the happiest days of my life. Of course, I’m not the only vegan here in Armenia, but there was not much of demand for vegan products, and the milk we bought was produced like three-four months ago.

These days it has become much better. I can buy plant based milk in every store, we’ve even found vegan cookies, which I love, most cafes and restaurants have updated their menus, and you can see that little “leaf” sign, which means the dish is vegan friendly. And there are already three vegan cafes (don’t dare to laugh), where you can find every kind of delicious food: pizza, salads, soup and even famous Armenian traditional dishes, like the above mentioned dolma (of course, made with a vegan recipe).

I’ve started to cook more and explored new vegan recipes, found amazing food bloggers. Marianna is from Armenia. She and her husband Garik Papoyan, who is a famous musician here have been vegans for like five years already which made them one of the first vegans in the country. I’ve tried Marianna’s recipe of vegan omelet and loved it. Another famous vegan food blogger is pick up limes . Saying I love their work and passion will be saying nothing. I’ve tried most of their recipes while living in Germany (sadly, it’s not easy to find all the products here, and it costs a fortune to buy 100 grams of tofu for example).

My struggle is not done, unfortunately. People look, they stare, they ask, I explain, they laugh, I smile, they talk, I don’t care. As every change and every new thing, this also needs time for people to adjust. I’ll live and I’ll see the day, when you don’t have to ask, if they have plant based milk for the coffee, you are sure they do. Who knows, maybe they will even ask: “what kind of milk do you prefer”? John Lennon would say: “You may say I’m a dreamer, but I’m not the only one….”

I thought it’s supposed to be easier…

# How I tried to solve OverTheWire – Bandit 0 → 5

hey there,

I had some energy for doing some bandit levels today and I thought it would be nice to share all bandit levels with you. As always, I’m not gonna spoil it for you with passwords, this is just a walkthrough. My coffee is ready, so let’s dig in.
Bandit Level 0
The sole goal of this level is to learn how to connect to another server using ssh. There are four relevant points here. We need the Host name / Site’s IP Address / Domain Name / Server Address, Username, Password and Port Number.
For this level our Host name is: bandit.labs.overthewire.org
Port Number: 2220
Let’s connect to the server and log into the game. The syntax we need is the following: ssh username@hostname -p Port Number
If you’ve done it right, you’ll be asked a password and you just have to  type bandit0.
Bandit Level 0 → 1
For this level you should learn some unix commands, especially the ls and cat commands. For me, as a beginner, the most important command in Unix is –help. So as always, I just type ls –help and it tells me the usage and that ls shows the list information about the files. There is only a file named “readme”. For reading a file we need the “cat” command, which is for ….. cat –help concatenating the files. I love it how every command is kind of an abbreviation. Now you just need to type cat and the name of the file you want to read. Wow! Here is our password. OK, that was easy, let’s jump on the next level.
A quick tip, before passing to level 2: always save the passwords on a sticky note.
Bandit Level 1 → 2
After connecting to this server the same way as we’ve done on bandit 0, we list the files (ls) and see there is a file named “-“. Let’s try to cat the file the way we already know. Nothing happens, it requires an input. So there is probably another way to concatenate a file named “-“. First of all do ctrl + C to get out of that madness. cat –help gives us nothing, sad… OK, let’s google it, because… another wise thought alert, if you have a problem, it means somewhere in the world someone should have had that problem as well and most probably there is a solution for that.  I found this.
Problem is solved. We have the password for the next level. Saaaaaavviiiing it and going to the next level.
Bandit Level 2 → 3
Hah! This is fun. We have a file that is literally named “spaces in this filename”. There should be way to help the system to understand that “spaces in this filename” is just a file, not four files.

-Hello Google, how to cat a file that has spaces in the name

-Hello coffee, here are about 20,100,000 results (0.57 seconds)
-You are such a show off, but thanks
So it turned out you need quoting AKA ‘ ‘.
Level 3 was not hard at all either.
Bandit Level 3 → 4
Yey! This one is kind of tricky. After listing the files we find a directory. Here we need a new command named cd (Change the shell working Directory). Awesome, right? We try to list the files and this directory and there is nothing but emptiness. C’mmon you promised, even the name of the directory says “Inhere”. What if the file is hidden? How to list the hidden files? We need a help, no, actually we need THE help. ls -a will list all the files, even the ones, that start with a . AKA the hidden files. .hidden file is found, what are you waiting for?
Bandit Level 4 → 5
What do I see? Again an “Inhere” directory, which has not one, not two but ten files. Sure, I can read all of them and find that desired password, but something inside me tells me: “There should be a way to cat all the files, go and find that way”. Here I found a part of our problem, i.e. how to cat all the files: we need to use “*”. But let’s pay attention that all the files start with a “-“. Bringing all our knowledge together and typing  cat ./* we decide that it would have been easier to cat all the files. How do I find the password in this symbol-mixture? I just tried to brute force. No way, there are more letters than I needed. Keeping up with the Kardashians Google. What if we find out which file contains text and then just read it? That is possible with the file command: file ./* This will tell us that only the file named -file07 contains ASCII text. Let’s just read that one.
Aaaand done!
I thought it’s supposed to be easier…

# go hack yourself

hey there,

so I got this pin (btw sent from Defcon) and I loved it.

for me hacking is not only about looking for a vulnerability and cracking the system. mostly I see it as the most creative way you can approach to the problem, think differently, finding the point that is not wanted to be found, acting unexpectedly. and what’s the point of these actions? at least for me the only goal is the improvement of the safety of the system you are about to hack.

I caught myself on the thought that all my life I’ve brought myself to the level of being cracked to find the vulnerable side of mine in order to be able to improve it, to make it and myself more secure, I’ve put myself in a situation I’m not ready at all to see how I react. for me that’s the only way of self-consciousness, of course along with meditation and yoga.

so, maybe you’ll see a pun here and a swearing word, meanwhile this is not offensive at all (pun intended). this can be understood as a motto about knowing yourself and hacking your mind.

go hack yourself

# intro(2) why

hey there,

I had been thinking about having an English blog for like a year (or more…whatever). the gods of Olympia had foreseen that it should be opened on a cold spring day somewhere in 2022. who am I not to follow their predictions?

So it’s already 5 am, but we are still sitting at Antranig‘s office working and listening to some good music which makes us alive awake.

meanwhile, I’m trying to solve some levels from Natas, and (what a surprise!) it doesn’t seem to be a child’s play. being a complete beginner in the field, I needed some hints, at least. Hackmethod has already posted a few blogs with hints and everything but unfortunatelly  they have given up after level 10 so right after that you choose: either look for other blogs and find too many spoilers, or DIY. spoilers and already written passwords are not acceptable for me, I’m doing this for learning and I require explanations for the steps. there is nothing left than doing it myself (this means I’m just gonna ask some help from the Discord community) and blog about every level (of course without spoilers, just brief tips).

so, my word for the coming generations: “follow my future blogs, because I’m going to post some hints for each level in case you have difficulties… and before I forget, stay hydrated”.

I thought it’s supposed to be easier…