OverTheWire. Bandit Niveles 25 - 33
Continuamos con la serie de "Write Ups" de OverTheWire y Bandit. En esta ocasión veremos las soluciones para los niveles desde el 25 al 33. Con esta entrega finalizamos la entrega de soluciones de los diferentes niveles que a fecha de hoy están disponibles en la serie Bandit de esta gran plataforma de aprendizaje que nos permite jugar, divertirnos y aprender. Vamos allá !!!
Bandit Level 25 → Level 26
Level Goal
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.
Commands you may need to solve this level
ssh, cat, more, vi, ls, id, pwd
Solución Nivel 25
bandit25@bandit:~$ ls
bandit26.sshkey
bandit25@bandit:~$ ssh -i bandit26.sshkey bandit26@localhost
Could not create directory '/home/bandit25/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)?
.
.
.
Enjoy your stay!
_ _ _ _ ___ __
| | | (_) | |__ \ / /
| |__ __ _ _ __ __| |_| |_ ) / /_
| '_ \ / _` | '_ \ / _` | | __| / / '_ \
| |_) | (_| | | | | (_| | | |_ / /| (_) |
|_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
Connection to localhost closed.
bandit25@bandit:~$ cat /etc/passwd
.
.
.
bandit23:x:11023:11023:bandit level 23:/home/bandit23:/bin/bash
bandit24:x:11024:11024:bandit level 24:/home/bandit24:/bin/bash
bandit25:x:11025:11025:bandit level 25:/home/bandit25:/bin/bash
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
bandit27:x:11027:11027:bandit level 27:/home/bandit27:/bin/bash
bandit28:x:11028:11028:bandit level 28:/home/bandit28:/bin/bash
bandit29:x:11029:11029:bandit level 29:/home/bandit29:/bin/bash
bandit3:x:11003:11003:bandit level 3:/home/bandit3:/bin/bash
.
.
.
bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh
export TERM=linux
more ~/text.txt
exit 0
(*) more permite realizar una pausa en pantalla si el texto a mostrar no cabe en la
terminal. Pero además permite multiples cosas más como ejecutar comandos.
(*) la solucion parte por poner nuestra terminal con un tamaño pequeño realizar la
conexión con ssh a ver que pasa.
(*) vemos que podemos entrar en modo editor pulsaldo v para abrir vim. Y desde vim,
podemos abrir otro archivo, en este caso el pass de bandit26. Para ello una vez
tengamos el cartel de more, pulsamos v, nos abre vim, pulsamos : para entrar en
la consola de comandos y ejecutamos con el comando e /etc/bandit_pass/bandit26
el resultado será el siguiente dentro de vim abriremos el archivo bandit26
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
~
~
~
~
~
bandit26.sshkey
bandit25@bandit:~$ ssh -i bandit26.sshkey bandit26@localhost
Could not create directory '/home/bandit25/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)?
.
.
.
Enjoy your stay!
_ _ _ _ ___ __
| | | (_) | |__ \ / /
| |__ __ _ _ __ __| |_| |_ ) / /_
| '_ \ / _` | '_ \ / _` | | __| / / '_ \
| |_) | (_| | | | | (_| | | |_ / /| (_) |
|_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
Connection to localhost closed.
bandit25@bandit:~$ cat /etc/passwd
.
.
.
bandit23:x:11023:11023:bandit level 23:/home/bandit23:/bin/bash
bandit24:x:11024:11024:bandit level 24:/home/bandit24:/bin/bash
bandit25:x:11025:11025:bandit level 25:/home/bandit25:/bin/bash
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
bandit27:x:11027:11027:bandit level 27:/home/bandit27:/bin/bash
bandit28:x:11028:11028:bandit level 28:/home/bandit28:/bin/bash
bandit29:x:11029:11029:bandit level 29:/home/bandit29:/bin/bash
bandit3:x:11003:11003:bandit level 3:/home/bandit3:/bin/bash
.
.
.
bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh
export TERM=linux
more ~/text.txt
exit 0
(*) more permite realizar una pausa en pantalla si el texto a mostrar no cabe en la
terminal. Pero además permite multiples cosas más como ejecutar comandos.
(*) la solucion parte por poner nuestra terminal con un tamaño pequeño realizar la
conexión con ssh a ver que pasa.
(*) vemos que podemos entrar en modo editor pulsaldo v para abrir vim. Y desde vim,
podemos abrir otro archivo, en este caso el pass de bandit26. Para ello una vez
tengamos el cartel de more, pulsamos v, nos abre vim, pulsamos : para entrar en
la consola de comandos y ejecutamos con el comando e /etc/bandit_pass/bandit26
el resultado será el siguiente dentro de vim abriremos el archivo bandit26
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
~
~
~
~
~
Password Acceso Nivel 26 : 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
Bandit Level 26 → Level 27
Level Goal
Good job getting a shell! Now hurry and grab the password for bandit27!
Commands you may need to solve this level
ls
Solución Nivel 26
(*) Con el mismo procedimiento que hemos aplicado para obtener el password desde la consola de vim.
(*) Desde la consola de comandos de vin, creamos una variable de entorno que nos permite tener una shell. Para ello una vez dentro de vim, pulsamos los ":" para introducir comandos.
~
~
:set shell=/bin/bash
(*) Ahora desde la consola intentamos ejecutar la shell. Nuevamente pulsando ":" para introducir comandos si como comando ponemos shell que es la variable de entorno a la que hemos asociado "/BIN/BASH".
~
~
:shell
bandit26@bandit:~$
bandit26@bandit:~$ ls
bandit27-do text.txt
bandit26@bandit:~$
bandit26@bandit:~$ cat text.txt
_ _ _ _ ___ __
| | | (_) | |__ \ / /
| |__ __ _ _ __ __| |_| |_ ) / /_
| '_ \ / _` | '_ \ / _` | | __| / / '_ \
| |_) | (_| | | | | (_| | | |_ / /| (_) |
|_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
bandit26@bandit:~$ bandit27-do
bash: bandit27-do: command not found
bandit26@bandit:~$ ./bandit27-do
Run a command as another user.
Example: ./bandit27-do id
bandit26@bandit:~$ ls -la
total 36
drwxr-xr-x 3 root root 4096 Oct 16 14:00 .
drwxr-xr-x 41 root root 4096 Oct 16 14:00 ..
-rwsr-x--- 1 bandit27 bandit26 7296 Oct 16 14:00 bandit27-do
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
drwxr-xr-x 2 root root 4096 Oct 16 14:00 .ssh
-rw-r----- 1 bandit26 bandit26 258 Oct 16 14:00 text.txt
bandit26@bandit:~$
(*) Tenemos permiso de ejecución así que vamos a tratar de obtener el password.
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
(*) Desde la consola de comandos de vin, creamos una variable de entorno que nos permite tener una shell. Para ello una vez dentro de vim, pulsamos los ":" para introducir comandos.
~
~
:set shell=/bin/bash
(*) Ahora desde la consola intentamos ejecutar la shell. Nuevamente pulsando ":" para introducir comandos si como comando ponemos shell que es la variable de entorno a la que hemos asociado "/BIN/BASH".
~
~
:shell
bandit26@bandit:~$
bandit26@bandit:~$ ls
bandit27-do text.txt
bandit26@bandit:~$
bandit26@bandit:~$ cat text.txt
_ _ _ _ ___ __
| | | (_) | |__ \ / /
| |__ __ _ _ __ __| |_| |_ ) / /_
| '_ \ / _` | '_ \ / _` | | __| / / '_ \
| |_) | (_| | | | | (_| | | |_ / /| (_) |
|_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
bandit26@bandit:~$ bandit27-do
bash: bandit27-do: command not found
bandit26@bandit:~$ ./bandit27-do
Run a command as another user.
Example: ./bandit27-do id
bandit26@bandit:~$ ls -la
total 36
drwxr-xr-x 3 root root 4096 Oct 16 14:00 .
drwxr-xr-x 41 root root 4096 Oct 16 14:00 ..
-rwsr-x--- 1 bandit27 bandit26 7296 Oct 16 14:00 bandit27-do
-rw-r--r-- 1 root root 220 May 15 2017 .bash_logout
-rw-r--r-- 1 root root 3526 May 15 2017 .bashrc
-rw-r--r-- 1 root root 675 May 15 2017 .profile
drwxr-xr-x 2 root root 4096 Oct 16 14:00 .ssh
-rw-r----- 1 bandit26 bandit26 258 Oct 16 14:00 text.txt
bandit26@bandit:~$
(*) Tenemos permiso de ejecución así que vamos a tratar de obtener el password.
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
Password Acceso Nivel 27 : 3ba3118a22e93127a4ed485be72ef5ea
Bandit Level 27 → Level 28
Level Goal
There is a git repository at
ssh://bandit27-git@localhost/home/bandit27-git/repo. The password for the user bandit27-git is the same as for the user bandit27.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Solución Nivel 27
bandit27@bandit:/tmp/jperez3$ mkdir git
bandit27@bandit:/tmp/jperez3$ cd git
bandit27@bandit:/tmp/jperez3/git$ git clone "ssh://bandit27-git@localhost/home/bandit27-git/repo"
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
bandit27@bandit:/tmp/jperez3/git$ ls
repo
bandit27@bandit:/tmp/jperez3/git$ cd repo
bandit27@bandit:/tmp/jperez3/git/repo$ ls
README
bandit27@bandit:/tmp/jperez3/git/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
bandit27@bandit:/tmp/jperez3$ cd git
bandit27@bandit:/tmp/jperez3/git$ git clone "ssh://bandit27-git@localhost/home/bandit27-git/repo"
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
bandit27@bandit:/tmp/jperez3/git$ ls
repo
bandit27@bandit:/tmp/jperez3/git$ cd repo
bandit27@bandit:/tmp/jperez3/git/repo$ ls
README
bandit27@bandit:/tmp/jperez3/git/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
Password Acceso Nivel 28 : 0ef186ac70e04ea33b4c1853d2526fa2
Bandit Level 28 → Level 29
Level Goal
There is a git repository at
ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Solución Nivel 28
(*) Clonamos el repositorio con git clone "ssh://bandit28-git@localhost/home/bandit28-git/repo" en una carpeta temporal.
bandit28@bandit:/tmp/jperez3/git28/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: xxxxxxxxxx
(*) con git log podemos ver un log de cambios ejecutados en el repositorio.
bandit28@bandit:/tmp/jperez3/git28/repo$ git log
commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
fix info leak
commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
commit b67405defc6ef44210c53345fc953e6a21338cc7
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
initial commit of README.md
(*) con git show y el hash que identifica los cambios "commit" podemos ver los cambios que se han aplicado en esa revisión.
bandit28@bandit:/tmp/jperez3/git28/repo$ git show 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
diff --git a/README.md b/README.md
index 7ba2d2f..3f7cee8 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials
- username: bandit29
-- password: <TBD>
+- password: bbc96594b4e001778eee9975372716b2
bandit28@bandit:/tmp/jperez3/git28/repo$
bandit28@bandit:/tmp/jperez3/git28/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: xxxxxxxxxx
(*) con git log podemos ver un log de cambios ejecutados en el repositorio.
bandit28@bandit:/tmp/jperez3/git28/repo$ git log
commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
fix info leak
commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
commit b67405defc6ef44210c53345fc953e6a21338cc7
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
initial commit of README.md
(*) con git show y el hash que identifica los cambios "commit" podemos ver los cambios que se han aplicado en esa revisión.
bandit28@bandit:/tmp/jperez3/git28/repo$ git show 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
diff --git a/README.md b/README.md
index 7ba2d2f..3f7cee8 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials
- username: bandit29
-- password: <TBD>
+- password: bbc96594b4e001778eee9975372716b2
bandit28@bandit:/tmp/jperez3/git28/repo$
Password Acceso Nivel 29 : bbc96594b4e001778eee9975372716b2
Bandit Level 33 → Level 34
Esperamos que esta serie de soluciones de OverTheWire - Bandit os resultase útil. Hasta la próxima.
Bandit Level 29 → Level 30
Level Goal
There is a git repository at
ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Solución Nivel 29
bandit29@bandit:/tmp$ mkdir git29
bandit29@bandit:/tmp$ cd git29
bandit29@bandit:/tmp/git29$ ls
bandit29@bandit:/tmp/git29$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/git29$ ls
repo
bandit29@bandit:/tmp/git29$ cd repo
bandit29@bandit:/tmp/git29/repo$ ls
README.md
bandit29@bandit:/tmp/git29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/git29/repo$
bandit29@bandit:/tmp/git29/repo$ git log
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
fix username
commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
initial commit of README.md
bandit29@bandit:/tmp/git29/repo$ git show 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
fix username
diff --git a/README.md b/README.md
index 2da2f39..1af21d3 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,6 @@ Some notes for bandit30 of bandit.
## credentials
-- username: bandit29
+- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/git29/repo$ git show 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
initial commit of README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2da2f39
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# Bandit Notes
+Some notes for bandit30 of bandit.
+
+## credentials
+
+- username: bandit29
+- password: <no passwords in production!>
+
(*) Con "git branch -a" podemos ver todas las ramas existentes en el repositorio.
bandit29@bandit:/tmp/git29/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev
bandit29@bandit:/tmp/git29/repo$
(*) Con git checkout podemos restaurar o seleccionar una de las ramas existentes.
bandit29@bandit:/tmp/git29/repo$ git checkout remotes/origin/dev
Note: checking out 'remotes/origin/dev'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b <new-branch-name>
HEAD is now at 33ce2e9... add data needed for development
bandit29@bandit:/tmp/git29/repo$ git log
commit 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
add data needed for development
commit a8af722fccd4206fc3780bd3ede35b2c03886d9b
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
add gif2ascii
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
fix username
commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
initial commit of README.md
bandit29@bandit:/tmp/git29/repo$
bandit29@bandit:/tmp/git29/repo$ git show 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
commit 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
add data needed for development
diff --git a/README.md b/README.md
index 1af21d3..39b87a8 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for bandit30 of bandit.
## credentials
- username: bandit30
-- password: <no passwords in production!>
+- password: 5b90576bedb2cc04c86a9e924ce42faf
bandit29@bandit:/tmp$ cd git29
bandit29@bandit:/tmp/git29$ ls
bandit29@bandit:/tmp/git29$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/git29$ ls
repo
bandit29@bandit:/tmp/git29$ cd repo
bandit29@bandit:/tmp/git29/repo$ ls
README.md
bandit29@bandit:/tmp/git29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/git29/repo$
bandit29@bandit:/tmp/git29/repo$ git log
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
fix username
commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
initial commit of README.md
bandit29@bandit:/tmp/git29/repo$ git show 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
fix username
diff --git a/README.md b/README.md
index 2da2f39..1af21d3 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,6 @@ Some notes for bandit30 of bandit.
## credentials
-- username: bandit29
+- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/git29/repo$ git show 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
initial commit of README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2da2f39
--- /dev/null
+++ b/README.md
@@ -0,0 +1,8 @@
+# Bandit Notes
+Some notes for bandit30 of bandit.
+
+## credentials
+
+- username: bandit29
+- password: <no passwords in production!>
+
(*) Con "git branch -a" podemos ver todas las ramas existentes en el repositorio.
bandit29@bandit:/tmp/git29/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev
bandit29@bandit:/tmp/git29/repo$
(*) Con git checkout podemos restaurar o seleccionar una de las ramas existentes.
bandit29@bandit:/tmp/git29/repo$ git checkout remotes/origin/dev
Note: checking out 'remotes/origin/dev'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b <new-branch-name>
HEAD is now at 33ce2e9... add data needed for development
bandit29@bandit:/tmp/git29/repo$ git log
commit 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
add data needed for development
commit a8af722fccd4206fc3780bd3ede35b2c03886d9b
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
add gif2ascii
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
fix username
commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
initial commit of README.md
bandit29@bandit:/tmp/git29/repo$
bandit29@bandit:/tmp/git29/repo$ git show 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
commit 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:41 2018 +0200
add data needed for development
diff --git a/README.md b/README.md
index 1af21d3..39b87a8 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for bandit30 of bandit.
## credentials
- username: bandit30
-- password: <no passwords in production!>
+- password: 5b90576bedb2cc04c86a9e924ce42faf
Password Acceso Nivel 30 : 5b90576bedb2cc04c86a9e924ce42faf
Bandit Level 30 → Level 31
Level Goal
There is a git repository at
ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Solución Nivel 30
bandit30@bandit:/tmp/jperez3/git30/repo$ git log
commit 3aa4c239f729b07deb99a52f125893e162daac9e
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:44 2018 +0200
initial commit of README.md
[ Información Documentación Git ]
Reference logs, or "reflogs", record when the tips of branches and other references were updated in the local repository. Reflogs are useful in various Git commands, to specify the old value of a reference. For example,
bandit30@bandit:/tmp/jperez3/git30/repo$ git reflog
3aa4c23 HEAD@{0}: checkout: moving from master to remotes/origin/master
3aa4c23 HEAD@{1}: clone: from ssh://bandit30-git@localhost/home/bandit30-git/repo
bandit30@bandit:/tmp/jperez3/git30/repo$ cd .git
bandit30@bandit:/tmp/jperez3/git30/repo/.git$ ls
branches description hooks info objects refs
config HEAD index logs packed-refs
[ Información Documentación Git ]
git-pack-refs - Pack heads and tags for efficient repository access
bandit30@bandit:/tmp/jperez3/git30/repo/.git$ cat packed-refs
# pack-refs with: peeled fully-peeled
3aa4c239f729b07deb99a52f125893e162daac9e refs/remotes/origin/master
f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret
bandit30@bandit:/tmp/jperez3/git30/repo$ git show f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea
47e603bb428404d265f59c42920d81e5
commit 3aa4c239f729b07deb99a52f125893e162daac9e
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:44 2018 +0200
initial commit of README.md
[ Información Documentación Git ]
Reference logs, or "reflogs", record when the tips of branches and other references were updated in the local repository. Reflogs are useful in various Git commands, to specify the old value of a reference. For example,
HEAD@{2} means "where HEAD used to be two moves ago", master@{one.week.ago}means "where master used to point to one week ago in this local repository", and so on. See gitrevisions[7]for more details.bandit30@bandit:/tmp/jperez3/git30/repo$ git reflog
3aa4c23 HEAD@{0}: checkout: moving from master to remotes/origin/master
3aa4c23 HEAD@{1}: clone: from ssh://bandit30-git@localhost/home/bandit30-git/repo
bandit30@bandit:/tmp/jperez3/git30/repo$ cd .git
bandit30@bandit:/tmp/jperez3/git30/repo/.git$ ls
branches description hooks info objects refs
config HEAD index logs packed-refs
[ Información Documentación Git ]
git-pack-refs - Pack heads and tags for efficient repository access
bandit30@bandit:/tmp/jperez3/git30/repo/.git$ cat packed-refs
# pack-refs with: peeled fully-peeled
3aa4c239f729b07deb99a52f125893e162daac9e refs/remotes/origin/master
f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret
bandit30@bandit:/tmp/jperez3/git30/repo$ git show f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea
47e603bb428404d265f59c42920d81e5
Password Acceso Nivel 31 : 47e603bb428404d265f59c42920d81e5
Bandit Level 31 → Level 32
Level Goal
There is a git repository at
ssh://bandit31-git@localhost/home/bandit31-git/repo. The password for the user bandit31-git is the same as for the user bandit31.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Solución Nivel 31
bandit31@bandit:~$ cd /tmp
bandit31@bandit:/tmp$ ls
ls: cannot open directory '.': Permission denied
bandit31@bandit:/tmp$ mkdir git31
bandit31@bandit:/tmp$ cd git31
bandit31@bandit:/tmp/git31$ git clone ssh://bandit31-git@localhost/home/bandit31-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (4/4), done.
bandit31@bandit:/tmp/git31$
bandit31@bandit:/tmp/git31$ cd repo
bandit31@bandit:/tmp/git31/repo$ git log
commit df6c5eb91615c6dc9c99f99ca5fd79addfe62594
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:46 2018 +0200
initial commit
bandit31@bandit:/tmp/git31/repo$ git show df6c5eb91615c6dc9c99f99ca5fd79addfe62594
commit df6c5eb91615c6dc9c99f99ca5fd79addfe62594
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:46 2018 +0200
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2211df6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.txt
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0edecc0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+This time your task is to push a file to the remote repository.
+
+Details:
+ File name: key.txt
+ Content: 'May I come in?'
+ Branch: master
+
bandit31@bandit:/tmp/git31/repo$ ls
ls README.md
bandit31@bandit:/tmp/git31/repo$ cat ls
commit df6c5eb91615c6dc9c99f99ca5fd79addfe62594
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:46 2018 +0200
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2211df6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.txt
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0edecc0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+This time your task is to push a file to the remote repository.
+
+Details:
+ File name: key.txt
+ Content: 'May I come in?'
+ Branch: master
+
bandit31@bandit:/tmp/git31/repo$ cat README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
bandit31@bandit:/tmp/git31/repo$ nano key.txt
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.
Press Enter to continue
bandit31@bandit:/tmp/git31/repo$ ls
key.txt ls README.md
bandit31@bandit:/tmp/git31/repo$ cat key.txt
May I come in?
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp/git31/repo$ git add key.txt
The following paths are ignored by one of your .gitignore files:
key.txt
Use -f if you really want to add them.
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp/git31/repo$ git add key.txt -f
bandit31@bandit:/tmp/git31/repo$ git commit
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.
Press Enter to continue
(*) Añadida linea "Añadido fichero!" en el archivo que nos abre con nano.
Guardamos y Cerramos.
Añadido fichero!
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
# On branch master
# Your branch is up-to-date with 'origin/master'.
#
# Changes to be committed:
# new file: key.txt
#
# Untracked files:
# ls
#
[master 51c50a9] Añadido fichero!
1 file changed, 1 insertion(+)
create mode 100644 key.txt
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp/git31/repo$ git push
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 328 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: ### Attempting to validate files... ####
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
To ssh://localhost/home/bandit31-git/repo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://bandit31-git@localhost/home/bandit31-git/repo'
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp$ ls
ls: cannot open directory '.': Permission denied
bandit31@bandit:/tmp$ mkdir git31
bandit31@bandit:/tmp$ cd git31
bandit31@bandit:/tmp/git31$ git clone ssh://bandit31-git@localhost/home/bandit31-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
remote: Counting objects: 4, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (4/4), done.
bandit31@bandit:/tmp/git31$
bandit31@bandit:/tmp/git31$ cd repo
bandit31@bandit:/tmp/git31/repo$ git log
commit df6c5eb91615c6dc9c99f99ca5fd79addfe62594
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:46 2018 +0200
initial commit
bandit31@bandit:/tmp/git31/repo$ git show df6c5eb91615c6dc9c99f99ca5fd79addfe62594
commit df6c5eb91615c6dc9c99f99ca5fd79addfe62594
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:46 2018 +0200
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2211df6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.txt
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0edecc0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+This time your task is to push a file to the remote repository.
+
+Details:
+ File name: key.txt
+ Content: 'May I come in?'
+ Branch: master
+
bandit31@bandit:/tmp/git31/repo$ ls
ls README.md
bandit31@bandit:/tmp/git31/repo$ cat ls
commit df6c5eb91615c6dc9c99f99ca5fd79addfe62594
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:46 2018 +0200
initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2211df6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.txt
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0edecc0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+This time your task is to push a file to the remote repository.
+
+Details:
+ File name: key.txt
+ Content: 'May I come in?'
+ Branch: master
+
bandit31@bandit:/tmp/git31/repo$ cat README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
bandit31@bandit:/tmp/git31/repo$ nano key.txt
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.
Press Enter to continue
bandit31@bandit:/tmp/git31/repo$ ls
key.txt ls README.md
bandit31@bandit:/tmp/git31/repo$ cat key.txt
May I come in?
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp/git31/repo$ git add key.txt
The following paths are ignored by one of your .gitignore files:
key.txt
Use -f if you really want to add them.
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp/git31/repo$ git add key.txt -f
bandit31@bandit:/tmp/git31/repo$ git commit
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.
Press Enter to continue
(*) Añadida linea "Añadido fichero!" en el archivo que nos abre con nano.
Guardamos y Cerramos.
Añadido fichero!
# Please enter the commit message for your changes. Lines starting
# with '#' will be ignored, and an empty message aborts the commit.
# On branch master
# Your branch is up-to-date with 'origin/master'.
#
# Changes to be committed:
# new file: key.txt
#
# Untracked files:
# ls
#
[master 51c50a9] Añadido fichero!
1 file changed, 1 insertion(+)
create mode 100644 key.txt
bandit31@bandit:/tmp/git31/repo$
bandit31@bandit:/tmp/git31/repo$ git push
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 328 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: ### Attempting to validate files... ####
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
To ssh://localhost/home/bandit31-git/repo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://bandit31-git@localhost/home/bandit31-git/repo'
bandit31@bandit:/tmp/git31/repo$
Password Acceso Nivel 32 : 56a9bf19c63d650ce78e6ec0354ee45e
Bandit Level 32 → Level 33
After all this
git stuff its time for another escape. Good luck!Commands you may need to solve this level
sh, man
Solución Nivel 32
WELCOME TO THE UPPERCASE SHELL
sh: 1: 3: not found
>> ·a
sh: 1: ·A: not found
>> !1
sh: 1: !1: not found
>> "1
sh: 2: Syntax error: Unterminated quoted string
>> ·1
sh: 1: ·1: not found
>> $1
>> $4
>> $5
>> $6
>> &6
sh: 1: Syntax error: "&" unexpected
>> $8
>> $0
ls
uppershell
file uppershell
uppershell: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e6a8ed571599ce2bfa8b77145dbfc4eb933c1477, not stripped
whoami
bandit33
cat /etc/bandit_pass/bandit33
c9c3199ddf4121b10cf581a98d51caee
sh: 1: 3: not found
>> ·a
sh: 1: ·A: not found
>> !1
sh: 1: !1: not found
>> "1
sh: 2: Syntax error: Unterminated quoted string
>> ·1
sh: 1: ·1: not found
>> $1
>> $4
>> $5
>> $6
>> &6
sh: 1: Syntax error: "&" unexpected
>> $8
>> $0
ls
uppershell
file uppershell
uppershell: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=e6a8ed571599ce2bfa8b77145dbfc4eb933c1477, not stripped
whoami
bandit33
cat /etc/bandit_pass/bandit33
c9c3199ddf4121b10cf581a98d51caee
Password Acceso Nivel 33 : c9c3199ddf4121b10cf581a98d51caee
Bandit Level 33 → Level 34
At this moment, level 34 does not exist yet.
Esperamos que esta serie de soluciones de OverTheWire - Bandit os resultase útil. Hasta la próxima.
GAME OVER !!!
