Open in app

Sign in

Write

Sign in

OverTheWire: Bandit Level 19

S.P.
SecTTP
Published in
1 min readMar 25, 2019

http://overthewire.org/wargames/bandit/bandit20.html

Level Goal

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Use ssh to login the server with the following information.

  • Username: bandit19
  • Password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
  • Host: bandit.labs.overthewire.org
  • Port: 2220
$ ssh bandit19@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit19@bandit.labs.overthewire.org's password:
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

Let’s find the password for the next level.

bandit19@bandit:~$ ls
bandit20-do
bandit19@bandit:~$ ls -al ./bandit20-do
-rwsr-x--- 1 bandit20 bandit19 7296 Oct 16 14:00 ./bandit20-do
bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
  Example: ./bandit20-do idbandit19@bandit:~$ ./bandit20-do id
uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)
bandit19@bandit:~$ ls /etc/bandit_pass/bandit*
/etc/bandit_pass/bandit0   /etc/bandit_pass/bandit17  /etc/bandit_pass/bandit25  /etc/bandit_pass/bandit33
/etc/bandit_pass/bandit1   /etc/bandit_pass/bandit18  /etc/bandit_pass/bandit26  /etc/bandit_pass/bandit4
/etc/bandit_pass/bandit10  /etc/bandit_pass/bandit19  /etc/bandit_pass/bandit27  /etc/bandit_pass/bandit5
/etc/bandit_pass/bandit11  /etc/bandit_pass/bandit2   /etc/bandit_pass/bandit28  /etc/bandit_pass/bandit6
/etc/bandit_pass/bandit12  /etc/bandit_pass/bandit20  /etc/bandit_pass/bandit29  /etc/bandit_pass/bandit7
/etc/bandit_pass/bandit13  /etc/bandit_pass/bandit21  /etc/bandit_pass/bandit3   /etc/bandit_pass/bandit8
/etc/bandit_pass/bandit14  /etc/bandit_pass/bandit22  /etc/bandit_pass/bandit30  /etc/bandit_pass/bandit9
/etc/bandit_pass/bandit15  /etc/bandit_pass/bandit23  /etc/bandit_pass/bandit31  /etc/bandit_pass/bandit16  /etc/bandit_pass/bandit24  /etc/bandit_pass/bandit32
bandit19@bandit:~$ ls /etc/bandit_pass/bandit20
/etc/bandit_pass/bandit20
bandit19@bandit:~$ cat /etc/bandit_pass/bandit20
cat: /etc/bandit_pass/bandit20: Permission deniedbandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j

Got it!

Linux
Command Line
Ctf
Overthewire

--

--

S.P.
SecTTP

Written by S.P.

161 Followers
Writer for

Security Researcher

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams