Login

SSH: ssh bandit18@bandit.labs.overthewire.org -p 2220

Password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd

Task

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

A little bit of Theory

‘.bashrc’ is a file that is run every time a terminal is loaded. This means it is also run when logging in through SSH because this also loads a terminal.

In the walkthrough to Level 0 I have given a short introduction to SSH. Something I have not mentioned is that SSH does not just allows us to log into a machine remotely, but it also allows remote execution of commands by adding the commands after the common SSH expression.

Solution

Instead of logging into the machine with SSH, we execute a command through SSH instead. First, we use ls to make sure the readme file is in the folder then we can use cat to read it.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

$ ssh bandit18@bandit.labs.overthewire.org -p 2220 ls         
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit18@bandit.labs.overthewire.org's password: 
readme

$ ssh bandit18@bandit.labs.overthewire.org -p 2220 cat readme 
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit18@bandit.labs.overthewire.org's password: 
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

Alternative

Alternatively, you could use the same method of executing a command with SSH but use /bin/bash as a command to spawn a bash shell or use the -t flag, which allows a ‘pseudo-terminal’ to run on the target machine, this way we can run \bin\sh. This is especially useful if we have to do multiple commands because we do not need to repeat the SSH statement and password.

1
2

ssh bandit18@bandit.labs.overthewire.org -p 2220 /bin/bash                          
ssh bandit18@bandit.labs.overthewire.org -p 2220 -t /bin/sh  

https://overthewire.org/wargames/bandit/bandit19.html