MayADevBe Blog

A Blog about Computer Science

OverTheWire Bandit Level 31 -> 32 - Walkthrough

Published - 2022-07-25 | 3min

Previous Level: Level 31

Login

SSH: ssh bandit31@bandit.labs.overthewire.org -p 2220

Password: 47e603bb428404d265f59c42920d81e5

Task

There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo. The password for the user bandit31-git is the same as for the user bandit31.

Clone the repository and find the password for the next level.

A little bit of Theory

The introduction to Git can be found in Level 28 and Level 29.

Git Commit saves the currently made changes with a message describing these changes. The flag -a makes sure all modified/deleted files are staged.

Git Push updates local changes in remote repositories. When pushing for the first time, you should also define the branch with -u.

Git Ignore is a file with the filename ‘.gitignore’. In this file, all file names/extensions that should be ignored by the commit are written. This means if a file which is in the ignore file is created/changed, it will not be part of the commit/repository. Git ignore also allows for wildcards. (For example, : ‘*.pyc’ means all files with the ending ‘.pyc’ will be ignored.) There are pre-written files for specific situations and languages, like this one for Python.

Git Add updates what files will be part of the next commit. The -f flag forces files to be able to be committed, even when they are normally ignored.

Solution

Start the same way as always.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21

bandit31@bandit:~$ mktemp -d
/tmp/tmp.IhtWdYHfZb
bandit31@bandit:~$ cd /tmp/tmp.IhtWdYHfZb
bandit31@bandit:/tmp/tmp.IhtWdYHfZb$ git clone ssh://bandit31-git@localhost/home/bandit31-git/repo
bandit31@bandit:/tmp/tmp.IhtWdYHfZb$ ls
repo
bandit31@bandit:/tmp/tmp.IhtWdYHfZb$ cd repo
bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ ls -la
total 20
drwxr-sr-x 3 bandit31 root 4096 Jul  3 13:13 .
drwx--S--- 3 bandit31 root 4096 Jul  3 13:13 ..
drwxr-sr-x 8 bandit31 root 4096 Jul  3 13:13 .git
-rw-r--r-- 1 bandit31 root    6 Jul  3 13:13 .gitignore
-rw-r--r-- 1 bandit31 root  147 Jul  3 13:13 README.md
bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ cat README.md 
This time your task is to push a file to the remote repository.

Details:
    File name: key.txt
    Content: 'May I come in?'
    Branch: master

The ‘README’ states that we have to push a file to the repository. So first, we create the file:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ echo 'May I come in?' > key.txt
bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ ls -la
total 24
drwxr-sr-x 3 bandit31 root 4096 Jul  3 13:17 .
drwx--S--- 3 bandit31 root 4096 Jul  3 13:13 ..
drwxr-sr-x 8 bandit31 root 4096 Jul  3 13:13 .git
-rw-r--r-- 1 bandit31 root    6 Jul  3 13:13 .gitignore
-rw-r--r-- 1 bandit31 root   15 Jul  3 13:17 key.txt
-rw-r--r-- 1 bandit31 root  147 Jul  3 13:13 README.md
bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ cat key.txt 
May I come in?

Now we can try to push the new file by first making a commit and then pushing it. However, this will not work because of the file ‘.gitignore’ in the repo. This file lists files/-types that git will not push to the repository. In this case, exactly all files ending with ‘.txt’.

1
2

bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ cat .gitignore 
*.txt

To add the file anyway, we need to use git add. Then commit and push. The commit will open the ’nano’ editor and expects a message along with the commit, which can be whatever you want.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ git add -f key.txt
bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ git commit -a
Unable to create directory /home/bandit31/.nano: Permission denied
It is required for saving/loading search history or cursor positions.

Press Enter to continue

[master 35298de] Key file
 1 file changed, 1 insertion(+)
 create mode 100644 key.txt
bandit31@bandit:/tmp/tmp.IhtWdYHfZb/repo$ git push -u origin master
...
remote: ### Attempting to validate files... ####
remote: 
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote: 
remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e
remote: 
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote: 
...

https://overthewire.org/wargames/bandit/bandit32.html

Next Level: Level 33


Share on:
Comments:
Related Content:
OverTheWire Bandit Level 32 -> 33 - Walkthrough

A walkthrough of Level 32 -> 33 of the Bandit wargame from OverTheWire. - Linux Variables and shell escape.

OverTheWire Bandit Level 30 -> 31 - Walkthrough

A walkthrough of Level 30 -> 31 of the Bandit wargame from OverTheWire. - Git Tagging.