Please Ctrl+F to find your desired Level.
Level 25 -> Level 26
Level Goal
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /
bin/bash, but something else. Find out what it is, how it works and how to break out of it.
bandit25@bandit:~$ ls
bandit26.sshkey
bandit25@bandit:~$ ssh bandit26@localhost -i bandit26.sshkey
Enjoy your stay!
_ _ _ _ ___ __
| | | (_) | |__ \ / /
| |__ __ _ _ __ __| |_| |_ ) / /_
| '_ \ / _` | '_ \ / _` | | __| / / '_ \
| |_) | (_| | | | | (_| | | |_ / /| (_) |
|_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
Connection to localhost closed.
bandit25@bandit:~$ cat /etc/passwd | grep bandit26
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh
export TERM=linux
more ~/text.txt
exit 0
Now try and connect with the ssh but press V to bring up vi
You can do this by making size of terminal very small, so that it prompts you to show --More--
and then press v
Now we will invoke shell with :set shell=/bin/bash in vi
23/31
Now type :sh and we will get a shell
bandit26@bandit:~$ cat /etc/bandit_pass/bandit26
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
The password to the next level: 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
Level Goal
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /
bin/bash, but something else. Find out what it is, how it works and how to break out of it.
bandit25@bandit:~$ ls
bandit26.sshkey
bandit25@bandit:~$ ssh bandit26@localhost -i bandit26.sshkey
Enjoy your stay!
_ _ _ _ ___ __
| | | (_) | |__ \ / /
| |__ __ _ _ __ __| |_| |_ ) / /_
| '_ \ / _` | '_ \ / _` | | __| / / '_ \
| |_) | (_| | | | | (_| | | |_ / /| (_) |
|_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
Connection to localhost closed.
bandit25@bandit:~$ cat /etc/passwd | grep bandit26
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh
export TERM=linux
more ~/text.txt
exit 0
Now try and connect with the ssh but press V to bring up vi
You can do this by making size of terminal very small, so that it prompts you to show --More--
and then press v
Now we will invoke shell with :set shell=/bin/bash in vi
23/31
Now type :sh and we will get a shell
bandit26@bandit:~$ cat /etc/bandit_pass/bandit26
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
The password to the next level: 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
Level 26 -> Level 27
Level Goal
Good job getting a shell! Now hurry and grab the password for bandit27!
bandit26@bandit:~$ ls
bandit27-do text.txt
bandit26@bandit:~$ ./bandit27-do
Run a command as another user.
Example: ./bandit27-do id
bandit26@bandit:~$ ./bandit27-do whoami
bandit27
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
The password to the next level: 3ba3118a22e93127a4ed485be72ef5ea
Level Goal
Good job getting a shell! Now hurry and grab the password for bandit27!
bandit26@bandit:~$ ls
bandit27-do text.txt
bandit26@bandit:~$ ./bandit27-do
Run a command as another user.
Example: ./bandit27-do id
bandit26@bandit:~$ ./bandit27-do whoami
bandit27
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
The password to the next level: 3ba3118a22e93127a4ed485be72ef5ea
Level 27 -> Level 28
Level Goal
There is a git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo. The password
for the user bandit27-git is the same as for the user bandit27.
Clone the repository and find the password for the next level.
bandit27@bandit:~$ cd /tmp/azid/
bandit27@bandit:/tmp/azid$ git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
24/31
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), 288 bytes | 0 bytes/s, done.
bandit27@bandit:/tmp/azid$ ls
repo
bandit27@bandit:/tmp/azid$ cd repo
bandit27@bandit:/tmp/azid/repo$ ls
README
bandit27@bandit:/tmp/azid/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
The password to the next level: 0ef186ac70e04ea33b4c1853d2526fa2
Level Goal
There is a git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo. The password
for the user bandit27-git is the same as for the user bandit27.
Clone the repository and find the password for the next level.
bandit27@bandit:~$ cd /tmp/azid/
bandit27@bandit:/tmp/azid$ git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
24/31
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), 288 bytes | 0 bytes/s, done.
bandit27@bandit:/tmp/azid$ ls
repo
bandit27@bandit:/tmp/azid$ cd repo
bandit27@bandit:/tmp/azid/repo$ ls
README
bandit27@bandit:/tmp/azid/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
The password to the next level: 0ef186ac70e04ea33b4c1853d2526fa2
Level 28 -> Level 29
Level Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password
for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.'
bandit28@bandit:/tmp$ mkdir azid1
bandit28@bandit:/tmp$ cd azid1
bandit28@bandit:/tmp/azid1$
bandit28@bandit:/tmp/azid1$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit28/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit28-git@localhost's password:
remote: Counting objects: 9, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 9 (delta 2), reused 0 (delta 0)
25/31
Receiving objects: 100% (9/9), 796 bytes | 0 bytes/s, done.
Resolving deltas: 100% (2/2), done.
bandit28@bandit:/tmp/azid1$ ls
repo
bandit28@bandit:/tmp/azid1$ cd repo
bandit28@bandit:/tmp/azid1/repo$ ls
README.md
bandit28@bandit:/tmp/azid1/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: xxxxxxxxxx
bandit28@bandit:/tmp/azid1/repo$ git log
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
fix info leak
commit c086d11a00c0648d095d04c089786efef5e01264
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
add missing data
commit de2ebe2d5fd1598cd547f4d56247e053be3fdc38
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
initial commit of README.md
bandit28@bandit:/tmp/azid1/repo$ git show edd935d60906b33f0619605abd1689808ccdd5ee
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
fix info leak
diff --git a/README.md b/README.md
index 3f7cee8..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials
26/31
- username: bandit29
-- password: bbc96594b4e001778eee9975372716b2
+- password: xxxxxxxxxx
The password to the next level: bbc96594b4e001778eee9975372716b2
Level Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password
for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.'
bandit28@bandit:/tmp$ mkdir azid1
bandit28@bandit:/tmp$ cd azid1
bandit28@bandit:/tmp/azid1$
bandit28@bandit:/tmp/azid1$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit28/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit28-git@localhost's password:
remote: Counting objects: 9, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 9 (delta 2), reused 0 (delta 0)
25/31
Receiving objects: 100% (9/9), 796 bytes | 0 bytes/s, done.
Resolving deltas: 100% (2/2), done.
bandit28@bandit:/tmp/azid1$ ls
repo
bandit28@bandit:/tmp/azid1$ cd repo
bandit28@bandit:/tmp/azid1/repo$ ls
README.md
bandit28@bandit:/tmp/azid1/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: xxxxxxxxxx
bandit28@bandit:/tmp/azid1/repo$ git log
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
fix info leak
commit c086d11a00c0648d095d04c089786efef5e01264
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
add missing data
commit de2ebe2d5fd1598cd547f4d56247e053be3fdc38
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
initial commit of README.md
bandit28@bandit:/tmp/azid1/repo$ git show edd935d60906b33f0619605abd1689808ccdd5ee
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:49 2020 +0200
fix info leak
diff --git a/README.md b/README.md
index 3f7cee8..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials
26/31
- username: bandit29
-- password: bbc96594b4e001778eee9975372716b2
+- password: xxxxxxxxxx
The password to the next level: bbc96594b4e001778eee9975372716b2
Level 29 -> Level 30
Bandit Level 29 → Level 30
Level Goal
There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password
for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
bandit29@bandit:/tmp/azid2$ mkdir /tmp/azid2
bandit29@bandit:/tmp/azid2$ cd /tmp/azid2
bandit29@bandit:/tmp/azid2$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/azid2$ ls
repo
bandit29@bandit:/tmp/azid2$ cd repo/
bandit29@bandit:/tmp/azid2/repo$ ls
README.md
bandit29@bandit:/tmp/azid2/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
27/31
- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/azid2/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev
bandit29@bandit:/tmp/azid2/repo$ git checkout dev
Branch dev set up to track remote branch dev from origin.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/azid2/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: 5b90576bedb2cc04c86a9e924ce42faf
The password to the next level: 5b90576bedb2cc04c86a9e924ce42faf
Bandit Level 29 → Level 30
Level Goal
There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password
for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
bandit29@bandit:/tmp/azid2$ mkdir /tmp/azid2
bandit29@bandit:/tmp/azid2$ cd /tmp/azid2
bandit29@bandit:/tmp/azid2$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/azid2$ ls
repo
bandit29@bandit:/tmp/azid2$ cd repo/
bandit29@bandit:/tmp/azid2/repo$ ls
README.md
bandit29@bandit:/tmp/azid2/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
27/31
- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/azid2/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev
bandit29@bandit:/tmp/azid2/repo$ git checkout dev
Branch dev set up to track remote branch dev from origin.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/azid2/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: 5b90576bedb2cc04c86a9e924ce42faf
The password to the next level: 5b90576bedb2cc04c86a9e924ce42faf
Level 30 -> Level 31
Level Goal
There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password
for the user bandit30-git is the same as for the user bandit30.
Clone the repository and find the password for the next level.
bandit30@bandit:~$ mkdir /tmp/azid3
bandit30@bandit:~$ cd /tmp/azid3
bandit30@bandit:/tmp/azid3$ git clone ssh://bandit30-git@localhost/home/bandit30-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit30/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit30/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit30-git@localhost's password:
remote: Counting objects: 4, done.
Receiving objects: 100% (4/4), 298 bytes | 0 bytes/s, done.
28/31
remote: Total 4 (delta 0), reused 0 (delta 0)
bandit30@bandit:/tmp/azid3$ ls
repo
bandit30@bandit:/tmp/azid3$ cd repo
bandit30@bandit:/tmp/azid3/repo$ ls
README.md
bandit30@bandit:/tmp/azid3/repo$ cat README.md
just an epmty file... muahaha
bandit30@bandit:/tmp/azid3/repo$ git tag
secret
bandit30@bandit:/tmp/azid3/repo$ git show secret
47e603bb428404d265f59c42920d81e5
The password to the next level: 47e603bb428404d265f59c42920d81e5
Level Goal
There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password
for the user bandit30-git is the same as for the user bandit30.
Clone the repository and find the password for the next level.
bandit30@bandit:~$ mkdir /tmp/azid3
bandit30@bandit:~$ cd /tmp/azid3
bandit30@bandit:/tmp/azid3$ git clone ssh://bandit30-git@localhost/home/bandit30-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit30/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit30/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit30-git@localhost's password:
remote: Counting objects: 4, done.
Receiving objects: 100% (4/4), 298 bytes | 0 bytes/s, done.
28/31
remote: Total 4 (delta 0), reused 0 (delta 0)
bandit30@bandit:/tmp/azid3$ ls
repo
bandit30@bandit:/tmp/azid3$ cd repo
bandit30@bandit:/tmp/azid3/repo$ ls
README.md
bandit30@bandit:/tmp/azid3/repo$ cat README.md
just an epmty file... muahaha
bandit30@bandit:/tmp/azid3/repo$ git tag
secret
bandit30@bandit:/tmp/azid3/repo$ git show secret
47e603bb428404d265f59c42920d81e5
The password to the next level: 47e603bb428404d265f59c42920d81e5
Level 31 -> Level 32
Level Goal
There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo. The password
for the user bandit31-git is the same as for the user bandit31.
Clone the repository and find the password for the next level.
bandit31@bandit:~$ mkdir /tmp/azid4
bandit31@bandit:~$ cd /tmp/azid4
bandit31@bandit:/tmp/azid4$ git clone ssh://bandit31-git@localhost/home/bandit31-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
Receiving objects: 100% (4/4), 382 bytes | 0 bytes/s, done.
remote: Total 4 (delta 0), reused 0 (delta 0)
bandit31@bandit:/tmp/azid4$ ls
repo
bandit31@bandit:/tmp/azid4$ cd repo
bandit31@bandit:/tmp/azid4/repo$ ls
29/31
README.md
bandit31@bandit:/tmp/azid4/repo$ cat README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
Create a key.txt file with contents ‘May I come in?’
bandit31@bandit:/tmp/azid4/repo$ nano key.txt
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.
Press Enter to continue
bandit31@bandit:/tmp/azid4/repo$ cat key.txt
May I come in?
bandit31@bandit:/tmp/azid4/repo$ git add -f key.txt
bandit31@bandit:/tmp/azid4/repo$ git commit -m "."
[master 01a470c] .
1 file changed, 1 insertion(+)
create mode 100644 key.txt
bandit31@bandit:/tmp/azid4/repo$ git push origin
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
Counting objects: 3, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 313 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: ### Attempting to validate files... ####
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
To ssh://localhost/home/bandit31-git/repo
30/31
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://bandit31-git@localhost/home/bandit31-git/repo'
The password to the next level: 56a9bf19c63d650ce78e6ec0354ee45e
Level Goal
There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo. The password
for the user bandit31-git is the same as for the user bandit31.
Clone the repository and find the password for the next level.
bandit31@bandit:~$ mkdir /tmp/azid4
bandit31@bandit:~$ cd /tmp/azid4
bandit31@bandit:/tmp/azid4$ git clone ssh://bandit31-git@localhost/home/bandit31-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
Receiving objects: 100% (4/4), 382 bytes | 0 bytes/s, done.
remote: Total 4 (delta 0), reused 0 (delta 0)
bandit31@bandit:/tmp/azid4$ ls
repo
bandit31@bandit:/tmp/azid4$ cd repo
bandit31@bandit:/tmp/azid4/repo$ ls
29/31
README.md
bandit31@bandit:/tmp/azid4/repo$ cat README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
Create a key.txt file with contents ‘May I come in?’
bandit31@bandit:/tmp/azid4/repo$ nano key.txt
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.
Press Enter to continue
bandit31@bandit:/tmp/azid4/repo$ cat key.txt
May I come in?
bandit31@bandit:/tmp/azid4/repo$ git add -f key.txt
bandit31@bandit:/tmp/azid4/repo$ git commit -m "."
[master 01a470c] .
1 file changed, 1 insertion(+)
create mode 100644 key.txt
bandit31@bandit:/tmp/azid4/repo$ git push origin
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
Counting objects: 3, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 313 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: ### Attempting to validate files... ####
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
To ssh://localhost/home/bandit31-git/repo
30/31
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://bandit31-git@localhost/home/bandit31-git/repo'
The password to the next level: 56a9bf19c63d650ce78e6ec0354ee45e
Level 32 -> Level 33
After all this git stuff its time for another escape. Good luck!
As soon as we ssh into this level we see:
Enjoy your stay!
WELCOME TO THE UPPERCASE SHELL
>>
>> ls
sh: 1: LS: not found
we try to run ls and it says LS not found. This means that the shell converts all the commands
to Uppercase before executing.
We have to use escape charecters to bypass this.
$0 is used here
>> $0
$ ls -al
total 28
drwxr-xr-x 2 root root 4096 May 7 20:14 .
drwxr-xr-x 41 root root 4096 May 7 20:14 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
-rwsr-x--- 1 bandit33 bandit32 7556 May 7 20:14 uppershell
$ cat /etc/bandit_pass/bandit33
c9c3199ddf4121b10cf581a98d51caee
The password to the next level: c9c3199ddf4121b10cf581a98d51caee
After all this git stuff its time for another escape. Good luck!
As soon as we ssh into this level we see:
Enjoy your stay!
WELCOME TO THE UPPERCASE SHELL
>>
>> ls
sh: 1: LS: not found
we try to run ls and it says LS not found. This means that the shell converts all the commands
to Uppercase before executing.
We have to use escape charecters to bypass this.
$0 is used here
>> $0
$ ls -al
total 28
drwxr-xr-x 2 root root 4096 May 7 20:14 .
drwxr-xr-x 41 root root 4096 May 7 20:14 ..
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
-rwsr-x--- 1 bandit33 bandit32 7556 May 7 20:14 uppershell
$ cat /etc/bandit_pass/bandit33
c9c3199ddf4121b10cf581a98d51caee
The password to the next level: c9c3199ddf4121b10cf581a98d51caee
Level 33
bandit31@bandit:~$ ssh bandit33@localhost
31/31
Enjoy your stay!
bandit33@bandit:~$
bandit33@bandit:~$ ls
README.txt
bandit33@bandit:~$ cat README.txt
Congratulations on solving the last level of this game!
At this moment, there are no more levels to play in this game. However, we are constantly
working
on new levels and will most likely expand this game with more levels soon.
Keep an eye out for an announcement on our usual communication channels!
In the meantime, you could play some of our other wargames.
If you have an idea for an awesome new level, please let us know!
bandit33@bandit:~$
bandit31@bandit:~$ ssh bandit33@localhost
31/31
Enjoy your stay!
bandit33@bandit:~$
bandit33@bandit:~$ ls
README.txt
bandit33@bandit:~$ cat README.txt
Congratulations on solving the last level of this game!
At this moment, there are no more levels to play in this game. However, we are constantly
working
on new levels and will most likely expand this game with more levels soon.
Keep an eye out for an announcement on our usual communication channels!
In the meantime, you could play some of our other wargames.
If you have an idea for an awesome new level, please let us know!
bandit33@bandit:~$
The End
We are done!
We have successfully completed all levels and have finished the OverTheWire Bandit wargame.
This was a really nice war-game that teaches you basic Linux.
This was fun and I learnt a lot.
We are done!
We have successfully completed all levels and have finished the OverTheWire Bandit wargame.
This was a really nice war-game that teaches you basic Linux.
This was fun and I learnt a lot.
Regards,
AZID
Comments
Post a Comment