Bandit - Going to Level 7

Goal

The password for the next level is stored somewhere on the server and has all of the following properties: - owned by user bandit7 - owned by group bandit6 - 33 bytes in size

Getting the information

At first I would go for something like that

bandit6@melinda:/$ find −type f −size 33c −readable −user bandit7 −group bandit6

However this would give a bunch of “Permission denied” files. A hack would be to cat every of those files to get the password (it works) but I still think it is not clean enough:

bandit6@melinda:/$ find −type f −size 33c −readable −user bandit7 −group bandit6 | xargs cat
[ loads of Permission denied removed ]
find: ‘./home/leviathan0/.backup’: Permission denied
find: ‘./home/drifter6/data’: Permission denied
find: ‘./home/leviathan4/.trash’: Permission denied
find: ‘./home/drifter8/chroot’: Permission denied
find: ‘./sys/kernel/debug’: Permission denied
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs

A better solution would be to simply not display those “Permission denied” files. Since the message “Permission denied” is an error, all we have to do is redirect the error output to /dev/null:

bandit6@melinda:/$ find −type f −size 33c −readable −user bandit7 −group bandit6 2>/dev/null
output
./var/lib/dpkg/info/bandit7.password

And there we go! Now we just have to display the password :)