Previous Level: Level 32
ssh email@example.com -p 2220
After all this git stuff its time for another escape. Good luck!
A little bit of Theory
Linux has Variables called local variables (valid in current shell), shell variables (set up by shell) and environment variables (valid systemwide). These variables have their names in uppercase only. They are defined by writing
VAR_NAME=var_value in the command line. To see the content of a variable, you can write
To print all environment variables, you can use
Some common that are good to know are:
TERM- current terminal emulation
HOME- the path to home directory of currently logged in user
LANG- current locales settings
PATH- directory list to be searched when executing commands
PWD- pathname of the current working directory
0- the path of the current user’s shell
USER- currently logged-in user
When using ssh to get access to the machine, we are greeted with a slightly different shell:
WELCOME TO THE UPPERCASE SHELL. This already gives us an idea of what the shell does. Testing a simple command, we get the following:
So everything we type seems to be made uppercase. The commands we have used so far however, are all lower-case and do not work. The one thing in Linux that is uppercase is variables. Specifically, the variable
$0 has a reference to a shell. You can see this with
echo $0 on your machine.
This lets us break out of the uppercase shell and we can use commands again.
We can see that the file ‘uppershell’ runs as bandit33 (owned by user ‘bandit33’ and SUID). Checking this, we can see that we are in fact ‘bandit33’ and therefore, we can read the password file:
Since at the time of writing this, it is the last level, we can do one final login to make sure we got the correct password. And we find this: