Level Goal
There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo
. The password for the user bandit30-git
is the same as for the user bandit30
.
Clone the repository and find the password for the next level.
Use ssh to login the server with the following information.
- Username: bandit30
- Password: 5b90576bedb2cc04c86a9e924ce42faf
- Host: bandit.labs.overthewire.org
- Port: 2220
$ ssh bandit30@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit30@bandit.labs.overthewire.org's password:
5b90576bedb2cc04c86a9e924ce42faf
Let’s find the password for the next level.
bandit30@bandit:~$ mkdir -p /tmp/secttp
bandit30@bandit:~$ cd /tmp/secttp
bandit30@bandit:/tmp/secttp$ git clone ssh://bandit30-git@localhost/home/bandit30-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit30/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit30/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit30-git@localhost's password:
5b90576bedb2cc04c86a9e924ce42fafremote: Counting objects: 4, done.
remote: Total 4 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (4/4), done.
bandit30@bandit:/tmp/secttp$ cd repo/
bandit30@bandit:/tmp/secttp/repo$
After checking the branches and commit history, there’s no password in previous commits or branches here.
bandit30@bandit:/tmp/secttp/repo$ cat README.md
just an epmty file... muahaha
bandit30@bandit:/tmp/secttp/repo$ git log -p
commit 3aa4c239f729b07deb99a52f125893e162daac9e
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:44 2018 +0200initial commit of README.mddiff --git a/README.md b/README.md
new file mode 100644
index 0000000..029ba42
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+just an epmty file... muahaha
bandit30@bandit:/tmp/secttp/repo$ git branch -r
origin/HEAD -> origin/master
origin/master
How about git tagging
? Git has the ability to tag specific points in a repository’s history as being important.
bandit30@bandit:/tmp/secttp/repo$ git tag
secret
bandit30@bandit:/tmp/secttp/repo$ git show secret
47e603bb428404d265f59c42920d81e5
Got it!