How To Hack Part 3

Linux Capture The Flag Bandit Levels 7 to 11

Red

InfoSec Write-ups

· ~5 min read · February 11, 2026 (Updated: February 11, 2026) · Free: No

As you progress through OverTheWire's Bandit challenges, you'll encounter scenarios that reflect real-world cybersecurity tasks: searching through massive log files, identifying unique patterns in data streams, extracting readable strings from binary files, and decoding obfuscated information. Levels 7 through 11 focus intensively on text processing and encoding — skills that are absolutely fundamental to digital forensics, incident response, and penetration testing.

If you'd like to follow what I did via video, feel free to check it out on YouTube channel below:

Level 7 to Level 8

Challenge: The password is stored in data.txt next to the word millionth.

When you attempt to view data.txt using cat, you'll be overwhelmed with output — thousands of lines scrolling rapidly across your screen. If you watch me in the video, I literally couldn't get it to stop at first. This demonstrates why viewing large files directly is impractical and why specialized tools exist for text processing.

Understanding head and tail:

It's worth knowing two useful commands for previewing large files:

"head data.txt" — Shows the first 10 lines by default
"tail data.txt" — Shows the last 10 lines by default
"head -n 20 data.txt" — Shows the first 20 lines (customize with -n)

"Grep" is one of the most essential Linux commands for searching text. It allows you to find specific strings, patterns, or values within files efficiently.

Piping (|) connects the output of one command to the input of another. This is fundamental to Linux workflows:

cat data.txt | grep millionth

Breaking this down:

"cat data.txt" — Outputs all file contents
"|" — Pipes that output into the next command
"grep millionth" — Searches for and displays only lines containing "millionth"

The result is a single line showing the word "millionth" followed by the password. This demonstrates grep's power: instantly finding one relevant line among thousands.

Level 8 to 9

Challenge: The password is stored in data.txt and is the only line of text that occurs only once.

This challenge introduces the "uniq" command, which filters out duplicate lines. However, there's a critical requirement: "uniq" only detects adjacent duplicate lines.

I initially failed when I tried using "uniq"

cat data.txt | uniq -u

he -u flag tells "uniq" to print only unique lines. However, this doesn't work as expected because duplicate lines in the file aren't adjacent to each other. "Uniq" can only identify duplicates if they're consecutive.

After researching on the backend of things, I realized that the "sort" command must be employed. The "sort" command arranges lines in alphabetical order, which groups identical lines together:

sort data.txt | uniq -u

This works because:

"sort" arranges all duplicate lines next to each other
"uniq" -u then identifies and prints only the line that appears once

Understanding how commands work internally can really help you troubleshoot when they don't produce expected results. Command chaining (piping multiple commands together) is a cornerstone of efficient Linux usage.

Level 9 to 10

Challenge: The password is stored in data.txt in one of the few human-readable strings, preceded by several equal sign characters.

This level simulates a common real-world scenario: extracting useful information from binary files or compiled executables. During penetration testing or digital forensics, you'll frequently need to search through binary data for readable strings that might contain passwords, API keys, or configuration details.

The "strings" command extracts printable character sequences from files, filtering out binary data. Hence, we are going to use it in the data.txt file to find the printable string. Being that it is proceeded by several equal signs, we are going to pipe the command into "grep" to search for the equal signs:

strings data.txt | grep ===

Breaking this down:

"strings data.txt" — Extracts all human-readable strings from the file
"grep = — Filters for lines containing three or more equal signs

The output shows several lines with equal signs, with one clearly labeled as the password.

Level 10 to 11

Challenge: The password is stored in data.txt, which contains Base64 encoded data.

Base64 is an encoding scheme. You'll encounter Base64 frequently in:

Email attachments
API authentication tokens
Encoded malware payloads
Web application data transmission

Decoding with base64 command:

base64 --decode data.txt

You can also use the "-d" argument instead of " — decode"

This reveals the decoded message containing the password.

Alternative tools:

While command-line decoding is valuable, online tools like CyberChef can be super easy and provide interfaces for encoding/decoding operations. CyberChef supports dozens of formats including Base64, ROT13, hexadecimal, and many cryptographic operations. I'm showing this to you because often times there can be very simple ways to achieve our objective with tools written by others, and that's a good thing! It's always a good motto to work smarter and not harder.

Level 11 to 12

We are going to do one last level in this part.

Challenge: The password is stored in data.txt where all uppercase and lowercase letters have been rotated by 13 positions.

Understanding ROT13:

ROT13 ("rotate by 13 places") is a simple substitution cipher that replaces each letter with the letter 13 positions after it in the alphabet. Because there are 26 letters in the English alphabet, applying ROT13 twice returns the original text — it's its own inverse.

The transformation:

• A becomes N, B becomes O, C becomes P, etc.

• N becomes A, O becomes B, P becomes C, etc.

Method 1: CyberChef

Using CyberChef's ROT13 operation:

• Navigate to CyberChef

• Search for and drag the "ROT13" operation to the recipe

• Paste the encoded text from data.txt into the input

• The decoded password appears instantly in the output

Method 2: Command-line with tr (translate)

The tr (translate) command can perform character substitution. This is a different way of achieving the same result through the command line interface. For ROT13, we need to map A-Z to N-Z and A-M:

cat data.txt | tr 'A-Za-z' 'N-ZA-Mn-za-m'

Breaking down the tr command:

'A-Za-z' — First array: all uppercase and lowercase letters
'N-ZA-Mn-za-m' — Second array: letters shifted by 13 positions

This tells tr to replace each letter in the first array with the corresponding letter in the second array. A (position 1) maps to N (position 14), B maps to O, and so on. After Z, it wraps back to A.

The output reveals the decoded password. **The goal is mission completion, not demonstrating command-line prowess.** Know both approaches, then choose the most efficient one for your situation.

Levels 7 through 11 develop essential text processing skills that form the foundation of daily cybersecurity work. Whether you're analyzing logs, reverse engineering malware, or hunting for sensitive data on compromised systems, you'll rely heavily on grep, sort, strings, and encoding/decoding capabilities.

Feel free to check out my blog: [coderedblog.io](https://coderedblog.io/)

Checkout my [YouTube](https://www.youtube.com/@Red-2876)

[Buy me a coffee!](https://buymeacoffee.com/coderedblog)

Feel free to follow me on here and keep learning!

#linux #infosec #cybersecurity #hacking #education