Level Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.
Use ssh to log in to the server with the following information.
- Username: bandit28
- Password: 0ef186ac70e04ea33b4c1853d2526fa2
- Host: bandit.labs.overthewire.org
- Port: 2220
$ ssh bandit28@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit28@bandit.labs.overthewire.org's password:
0ef186ac70e04ea33b4c1853d2526fa2
Let’s find the password for the next level.
bandit28@bandit:~$ mkdir -p /tmp/secttp
bandit28@bandit:~$ cd /tmp/secttp
bandit28@bandit:/tmp/secttp$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit28/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit28-git@localhost's password:
0ef186ac70e04ea33b4c1853d2526fa2
remote: Counting objects: 9, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 9 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (9/9), done.
Resolving deltas: 100% (2/2), done.
bandit28@bandit:/tmp/secttp$ ls -al repo/
total 16
drwxr-sr-x 3 bandit28 root 4096 Mar 27 16:02 .
drwxr-sr-x 3 bandit28 root 4096 Mar 27 16:02 ..
drwxr-sr-x 8 bandit28 root 4096 Mar 27 16:02 .git
-rw-r--r-- 1 bandit28 root 111 Mar 27 16:02 README.md
bandit28@bandit:/tmp/secttp$ cat repo/README.md
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

bandit28@bandit:/tmp/secttp$
There’s no password in the README file. Now we check the commit history of this repo using git log.
bandit28@bandit:/tmp/secttp$ cd repo/
bandit28@bandit:/tmp/secttp/repo$ git log
commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200

    fix info leak

commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200

    add missing data

commit b67405defc6ef44210c53345fc953e6a21338cc7
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200

    initial commit of README.md
Obviously, the password leak has been fixed in the latest commit. Use the git log command with the -p option, which shows the diff introduced in each commit. We can also use the -1 option, which limits the output to only the last entry.
bandit28@bandit:/tmp/secttp/repo$ git log -p -1
commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200fix info leakdiff --git a/README.md b/README.md
index 3f7cee8..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials- username: bandit29
-- password: bbc96594b4e001778eee9975372716b2
+- password: xxxxxxxxxx
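Review bot: the removed `- password:` line in this hunk still carries the real credential, so overwriting it with `xxxxxxxxxx` in a follow-up commit does not fix the leak; the old value stays readable in history for anyone who can clone the repository. Rotate the bandit29 password and rewrite or recreate the history instead of relying on this commit alone.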
Got it!
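The same check from the defender's side, as an added example that is not part of the original write-up: a shell function that reads `git log -p` output and lists credential-looking lines that a commit removed or replaced, since those values remain in history. The function names, key patterns and sample history below are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `git log -p` output on stdin and prints
# "<short commit> <file> <removed line>" for every removed line that looks
# like a credential assignment and is not just a placeholder.
scan_removed_secrets() {
    awk '
        /^commit [0-9a-f]+/ { commit = substr($2, 1, 7); inhunk = 0; next }
        /^diff --git /      { inhunk = 0; next }
        /^@@ /              { inhunk = 1; next }
        # File header of the old side; only valid outside a hunk.
        !inhunk && /^--- /  { file = substr($0, 5); sub(/^a\//, "", file); next }
        inhunk && /^-/ {
            line = substr($0, 2)            # drop the diff marker
            low  = tolower(line)
            if (low ~ /(password|passwd|secret|token|api[_-]?key)[ \t]*[:=]/) {
                val = line
                sub(/^[^:=]*[:=][ \t]*/, "", val)
                # Ignore redaction placeholders such as xxxxxxxxxx or ****.
                if (val != "" && val !~ /^[xX*]+$/)
                    printf "%s %s %s\n", commit, file, line
            }
        }
    '
}

# Constructed sample history (not real data), shaped like the level's repo.
demo_history() {
    cat <<'EOF'
commit aaaaaaa000000000000000000000000000000000
Author: Example Dev <dev@example.invalid>
Date:   Mon Jan 1 00:00:00 2024 +0000

    fix info leak

diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes
 ## credentials
 - username: demo
-- password: CONSTRUCTED-EXAMPLE-VALUE
+- password: xxxxxxxxxx
EOF
}

demo_history | scan_removed_secrets
```

On a real repository, pipe `git log -p --all` into `scan_removed_secrets`; any hit is a credential that needs rotating, because a later "fix" commit does not remove it from history.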