Level 12 - 13 - consoletornado.com

**Level Information** > [!important] The password for the next level is stored in the file **data.txt**, which is a hexdump of a file that has been repeatedly compressed. > > For this level it may be useful to create a directory under /tmp in which you can work. Use mkdir with a hard to guess directory name. > > Or better, use the command “mktemp -d”. Then copy the datafile using cp, and rename it using mv (read the manpages!). > > > > **Commands you may need to solve this level:** > > - grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd, mkdir, cp, mv, file The first thing for this level is that we know because the answer has been compressed multiple times that we are going to need to do some file manipulation. For that we will need a temporary directory to work out of that we have permissions to make changes to a file. I started by making a temporary directory within the `/tmp` directory. ![[Level 12 - 13.png]] Next, the data.txt file was copied from my home directory to the current `/tmp` directory. ![[Level 12 - 13-1.png]] Next we will use the `xxd` command to convert the `hex_data` into ASCII text using the `-r` switch and then state the output filename which in my case, I chose `compressed_data`. ![[Level 12 - 13-2.png]] Something new I learnt with this is that the first section of a hex code denotes the file signature. Using the [List of Signatures](https://en.wikipedia.org/wiki/List_of_file_signatures) I could search for the first few characters to find how I can decompress our file. ![[Level 12 - 13-3.png]] ![[Level 12 - 13-4.png]] Now that we know our compressed data is a gzip compressed file, we can use the `mv` command again to rename it with the appropriate extension (`.gz` ). ![[Level 12 - 13-5.png]] As you can see our data is still not viewable. ![[Level 12 - 13-6.png]] Using the `xxd` command again we can view the hex code to identify what to do next. ![[Level 12 - 13-7.png]] Now we are getting somewhere. We can search the hex code identifier again. ![[Level 12 - 13-8.png]] Checking our file again, it is still not readable. ![[Level 12 - 13-9.png]] Using what we have learnt we will use `xxd` to check for the next compression type. It shows us that is it `gzip` compressed again. ![[Level 12 - 13-10.png]] Renaming and decoding once again. ![[Level 12 - 13-11.png]] The output of the new data is almost readable but still doesn’t look quite right. ![[Level 12 - 13-12.png]] The hex code method will not help us here so we can use the inbuilt `file` method to check what type it is. In this case we have a `.tar` file and we will rename it accordingly. ![[Level 12 - 13-13.png]] After un-tarring the compressed data we now have a new file, `data5.bin`. Using the `file` command again, we find that `data5.bin` is a `.tar` file as well. After un-tarring that one as well we get `data6.bin` now. ![[Level 12 - 13-14.png]] As I’ve demonstrated, the goal is to find the new file type, decode using it, find the new file type, decode it. Repeat until we get ASCII text as out file type. ![[Level 12 - 13-15.png]]![[Level 12 - 13-16.png]] And FINALLY, there we go: ![[Level 12 - 13-17.png]]