home about me security writeups subscribe

BB

technology and craziness.

BB

technology and craziness.

OverTheWire - Bandit - Level 30 → Level 31

  | #Bandit #En #OverTheWire #Walkthrough #Writeup
 263 words   2 minutes 
Warning: This post contains a solution!
Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Connect to the server using the following credentials:

Server: bandit.labs.overthewire.org
Port: 2220
Username: bandit30
Password: 5b90xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Level Goal is:

There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30.
Clone the repository and find the password for the next level.

Clone the repository and check folders/files.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

λ git clone ssh://bandit30-git@bandit.labs.overthewire.org:2220/home/bandit30-git/repo
Cloning into 'repo'...
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit30-git@bandit.labs.overthewire.org password:
remote: Counting objects: 4, done.
remote: Total 4 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (4/4), done.

Y:\Sites\www.overthewire.org\bandit\level30_31
λ cd repo\

Y:\Sites\www.overthewire.org\bandit\level30_31\repo (master -> origin)
λ ls
README.md

Y:\Sites\www.overthewire.org\bandit\level30_31\repo (master -> origin)
λ cat README.md
just an epmty file... muahaha

Hmm, ok. First check if there are other branches available.

1
2
3
4

λ git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/master

Doesn’t look so. Take a look at the git log.

1
2
3
4
5
6

λ git log
commit 3aa4c239f729b07deb99a52f125893e162daac9e (HEAD -> master, origin/master, origin/HEAD)
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:44 2018 +0200

    initial commit of README.md

Also nothing interesting here.Next check if there are tags.

1
2

λ git tag -l
secret

One tag named secret found. Checking the content reveals the password.

1
2

λ git show secret
47e6xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Updated on 2019-10-07

Was my post useful? Consider buying me a coffee ☕️
Back | Home