Access level

ssh -p 2220

Level goal

Read the password stored in a hidden file located in the inhere directory.


The particularity of a hidden file and complication it can bring is that he may be hidden (no ? really ?). Let’s take a look:

bandit3@bandit:~/inhere$ ls

The directory looks empty. If we look into the man page of ls we see:

LS(1)                                               User Commands

       ls - list directory contents

       ls [OPTION]... [FILE]...

       List information about the FILEs (the current directory by default).  Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.

       Mandatory arguments to long options are mandatory for short options too.

       -a, --all
              do not ignore entries starting with .

Those hidden files are characterized by a dot at the beginning of the filename.

Repeating the previous command with the -a option we got:

bandit3@bandit:~/inhere$ ls -a
.  ..  .hidden

Here is our file, we can now display the password.

Obviously the problem only occur when you try to list files of the directory without the option. The problem is avoided with the bash autocompletion which takes into account hidden files.

Finally we have:

bandit3@bandit:~/inhere$ cat .hidden