MayADevBe Blog

A Blog about Computer Science

OverTheWire Bandit Level 29 -> 30 - Walkthrough

Previous Level: Level 29


Login

SSH: ssh bandit29@bandit.labs.overthewire.org -p 2220

Password: bbc96594b4e001778eee9975372716b2

Task

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29.

Clone the repository and find the password for the next level.

A little bit of Theory

The introduction to Git can be found in Level 28 and Level 29.

Git branching is another feature of the version control system. It lets you split development into separate branches. Specifically, there is a master branch that holds the working software, and branches created from it can be worked on separately. You can change and add features while still maintaining a working master branch. Once the work is done, it can be merged back into the master branch. This gives additional control over versions: you can offer a production branch with usable software while fixing bugs or adding features in a different development branch.

The basic commands for working with branches are:

  • git branch: List (-a), create, or delete branches
  • git checkout <branch_name>/git switch <branch_name>: Switch branches
  • git merge: Join two or more branches

Solution

We start the same way as in the two previous levels. We create a folder, clone the git repository and check its content. Since there is only a README.md, we check its contents.

bandit29@bandit:~$ mktemp -d
/tmp/tmp.Qjbad6ocpi
bandit29@bandit:~$ cd /tmp/tmp.Qjbad6ocpi
bandit29@bandit:/tmp/tmp.Qjbad6ocpi$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
bandit29@bandit:/tmp/tmp.Qjbad6ocpi$ ls
repo
bandit29@bandit:/tmp/tmp.Qjbad6ocpi$ cd repo
bandit29@bandit:/tmp/tmp.Qjbad6ocpi/repo$ ls -la
total 16
drwxr-sr-x 3 bandit29 root 4096 Jul  3 12:50 .
drwx--S--- 3 bandit29 root 4096 Jul  3 12:50 ..
drwxr-sr-x 8 bandit29 root 4096 Jul  3 12:50 .git
-rw-r--r-- 1 bandit29 root  131 Jul  3 12:50 README.md
bandit29@bandit:/tmp/tmp.Qjbad6ocpi/repo$ cat README.md 
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

The sentence ‘no passwords in production!’ suggests that there might be more branches. So we check whether this is the case.

bandit29@bandit:/tmp/tmp.Qjbad6ocpi/repo$ git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/dev
  remotes/origin/master
  remotes/origin/sploits-dev

And we were correct. We got a list of the branches of this repository. Based on the description in the ‘README’, the most interesting one is the ‘dev’ branch: if the password is not in the production branch, it is most likely in the development branch.

To test that theory, we can switch to this branch and check its content.

bandit29@bandit:/tmp/tmp.Qjbad6ocpi/repo$ git checkout dev
Branch dev set up to track remote branch dev from origin.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/tmp.Qjbad6ocpi/repo$ ls -la
total 20
drwxr-sr-x 4 bandit29 root 4096 Jul  3 13:01 .
drwx--S--- 3 bandit29 root 4096 Jul  3 12:50 ..
drwxr-sr-x 2 bandit29 root 4096 Jul  3 13:01 code
drwxr-sr-x 8 bandit29 root 4096 Jul  3 13:01 .git
-rw-r--r-- 1 bandit29 root  134 Jul  3 13:01 README.md
bandit29@bandit:/tmp/tmp.Qjbad6ocpi/repo$ cat README.md 
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: 5b90576bedb2cc04c86a9e924ce42faf

And again, the assumption was correct. The ‘dev’ branch contains the password in the ‘README’ file.
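
An added example, not part of the original walkthrough: a shell function that runs the same check over every branch at once, which is how you would audit a clone for credentials left on non-default branches. The function names, the regular expression and the demo repository are constructed for illustration.

```shell
#!/bin/sh
# Added example: report filled-in "password:" lines on every branch of a
# clone, so credentials left on non-default branches are not missed.

# scan_branches REPO [PATTERN]
# Prints "ref:file:line:text" for each match on any local or remote branch.
scan_branches() {
    repo=$1
    # Default (assumed) pattern: "password:" followed by a value that is
    # not a <placeholder>. Adjust it to the secret formats you care about.
    pattern=${2:-'password:[[:space:]]*[^<[:space:]]'}
    git -C "$repo" for-each-ref --format='%(refname)' refs/heads refs/remotes |
    while read -r ref; do
        # Skip symbolic refs such as origin/HEAD; they alias another branch.
        case $ref in */HEAD) continue ;; esac
        # git grep searches the tree of a ref without checking it out.
        git -C "$repo" grep -n -i -E -e "$pattern" "$ref" -- </dev/null || true
    done
}

# make_demo_repo DIR
# Builds a constructed two-branch repository shaped like the one in this level.
make_demo_repo() {
    dir=$1
    id='-c user.name=demo -c user.email=demo@example.invalid'
    git init -q "$dir"
    git -C "$dir" symbolic-ref HEAD refs/heads/master
    printf '%s\n' '- username: demo' \
        '- password: <no passwords in production!>' > "$dir/README.md"
    git -C "$dir" add README.md
    git -C "$dir" $id commit -q -m 'initial notes'
    git -C "$dir" checkout -q -b dev
    printf '%s\n' '- username: demo' \
        '- password: CONSTRUCTED-EXAMPLE-VALUE' > "$dir/README.md"
    git -C "$dir" $id commit -q -a -m 'add credentials'
    git -C "$dir" checkout -q master
}

# Demo on a throwaway repository; only the dev branch is reported.
demo=$(mktemp -d)
make_demo_repo "$demo/repo"
scan_branches "$demo/repo"
rm -rf "$demo"
```

On a real clone, run scan_branches /path/to/repo; a branch that exists both locally and as a remote-tracking ref is listed once for each.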


https://overthewire.org/wargames/bandit/bandit30.html


Next Level: Level 31

