Post

Bandit: Level 28 - Level 29

Bandit: Level 28 - Level 29

Level 28

Username: bandit28
Password: Yz9IpL0sBcCeuG7m9uQFt8ZNpS4HZRcN

Task:

https://overthewire.org/wargames/bandit/bandit29.html

1
2
3
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.

Clone the repository and find the password for the next level.

Start

Let’s begin by connecting to the server bandit.labs.overthewire.org and logging in with user bandit28 on port 2220.

Solve the level

First we need a place to clone our git. We create a directory via mkdir:

1
2
bandit28@bandit:/tmp$ mkdir gittest_lvl28
bandit28@bandit:/tmp$ cd gittest_lvl28

Now we clone the git with port 2220.

1
2
bandit28@bandit:/tmp/gittest_lvl28$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo .
Cloning into '.'...

We have a README.mdfile. Lets read the file:

1
2
3
4
5
6
7
8
9
bandit28@bandit:/tmp/gittest_lvl28$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

Okay the password is not readable. What we can do is to check the git logs and the commits. That shows us previous changes:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
bandit28@bandit:/tmp/gittest_lvl28/.git$ git log
commit 817e303aa6c2b207ea043c7bba1bb7575dc4ea73 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    fix info leak

commit 3621de89d8eac9d3b64302bfb2dc67e9a566decd
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    add missing data

commit 0622b73250502618babac3d174724bb303c32182
Author: Ben Dover <noone@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    initial commit of README.md

As we can see, there were made some changes. Probably fix info leak made our password unreadable.

But we can see the changes via git show:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
bandit28@bandit:/tmp/gittest_lvl28/.git$ git show
commit 817e303aa6c2b207ea043c7bba1bb7575dc4ea73 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    fix info leak

diff --git a/README.md b/README.md
index d4e3b74..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
 ## credentials

 - username: bandit29
-- password: 4pT1t5DENaYuqnqvadYs1oE4QLCdjmJ7
+- password: xxxxxxxxxx

You can see with -- and +- which parts of project were edited.

Password: 4pT1t5DENaYuqnqvadYs1oE4QLCdjmJ7

This post is licensed under CC BY 4.0 by the author.