MayADevBe Blog

A Blog about Computer Science

OverTheWire Bandit Level 28 -> 29 - Walkthrough

Previous Level: Level 28


Login

SSH: ssh bandit28@bandit.labs.overthewire.org -p 2220

Password: 0ef186ac70e04ea33b4c1853d2526fa2

Task

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.

Clone the repository and find the password for the next level.

A little bit of Theory

The introduction to Git can be found in Level 28. For this level, we need to know two additional commands:

  • git log, shows us the commit log.
  • git show <commit>, shows us the content of a commit (When creating a public repository it is important to be aware of the information you push to it since changes and previous versions are saved. So sensitive data, like passwords, could still be retrieved).

Addition: The mentioned README file in the previous Level’s theory is often written in markdown format. Check out my blog post on Markdown Basics for better understanding of it.

Solution

We start out the same as in the previous level, by cloning the repository and checking out the README:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
bandit28@bandit:~$ mktemp -d
/tmp/tmp.lGUWKxK6CU
bandit28@bandit:~$ cd /tmp/tmp.lGUWKxK6CU
bandit28@bandit:/tmp/tmp.lGUWKxK6CU$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
...
bandit28-git@localhost's password: 
...
bandit28@bandit:/tmp/tmp.lGUWKxK6CU$ ls
repo
bandit28@bandit:/tmp/tmp.lGUWKxK6CU$ cd repo
bandit28@bandit:/tmp/tmp.lGUWKxK6CU/repo$ ls -la
total 16
drwxr-sr-x 3 bandit28 root 4096 Jul  3 12:30 .
drwx--S--- 3 bandit28 root 4096 Jul  3 12:30 ..
drwxr-sr-x 8 bandit28 root 4096 Jul  3 12:30 .git
-rw-r--r-- 1 bandit28 root  111 Jul  3 12:30 README.md
bandit28@bandit:/tmp/tmp.lGUWKxK6CU/repo$ cat README.md 
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

This time, the README has Markdown format (’.md’). It mentions, but does not contain the password. We can take a look at the git history to see, if a past version of the README file contained the password. First, we check out the log.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
bandit28@bandit:/tmp/tmp.lGUWKxK6CU/repo$ git log
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    fix info leak

commit c086d11a00c0648d095d04c089786efef5e01264
Author: Morla Porla <morla@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    add missing data

commit de2ebe2d5fd1598cd547f4d56247e053be3fdc38
Author: Ben Dover <noone@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    initial commit of README.md

One commit has the description ‘fix info leak’. This sounds promising, so we want to see what changes where made.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
bandit28@bandit:/tmp/tmp.lGUWKxK6CU/repo$ git show edd935d60906b33f0619605abd1689808ccdd5ee
commit edd935d60906b33f0619605abd1689808ccdd5ee
Author: Morla Porla <morla@overthewire.org>
Date:   Thu May 7 20:14:49 2020 +0200

    fix info leak

diff --git a/README.md b/README.md
index 3f7cee8..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
 ## credentials
 
 - username: bandit29
-- password: bbc96594b4e001778eee9975372716b2
+- password: xxxxxxxxxx

Here we see the differences in the old and updated README files. Indeed, the history shows us the password.


https://overthewire.org/wargames/bandit/bandit29.html


Next Level: Level 30


Share on: