Home - Writeups - Bandit Overthewire wargames walkthrough level 26 – 30

Bandit Overthewire wargames walkthrough level 26 – 30

Bandit is a game for beginners in Linux and Bash. As it is a great guide for learning the command line and Linux. So we will continue with the game here is the link for the next level.

Bandit overthewire wargames level 21 – 25

Level 26→30

  • Host: bandit.labs.overthewire.org
  • port: 2220

bandit level 25 → 26

As we are instructed the shell for user bandit 26 is not /bin/bash, but something else. We will understand how it works and bypass it. But for that first, we use ‘ls’ command. As we can see its an ssh key to login bandit 26. After trying to login we see a message “Connection to localhost closed.” As we know shell is different for bandit26 as a result we cannot connect. After that, we will find the shell of bandit26. All information related environment of users is stored in /etc/passwd. But we only need information on bandit26 so we will use grep command and see the shell is /usr/bin/showtext. Then we read the contents of the file using cat command.

bandit level 26
  • ls
  • ssh -i bandit26.sshkey [email protected]
  • cat /etc/passwd | grep bandit26
  • cat /usr/bin/showtext

As written in last line of /usr/bin/showtext we will resize the terminal to minimal because it will trigger show more. After that we will sign in using sshkey.

As we see after logging in using ssh –More– will be triggered. Now we can enter inside using a command-line editor. Firstly we will press v to enter the text editor that is set in the $EDITOR shell variable.

  • v

Once we are inside editor we can get password using command ‘:e /etc/bandit_pass/bandit26’, as this command will read the content of the file /etc/bandit_pass/bandit26.

vim
  • :e /etc/bandit_pass/bandit26

bandit level 26 → 27

We will continue from we left on previous level. Firstly, we will get shell of bandit 27 and get the password. So to get the shell, we will set shell parameter as /bin/bash “:set shell=/bin/bash”. After that we will access the shell by typing “:shell”

shell
  • :set shell=/bin/bash
  • :shell

As we perform all the steps we will get the shell and we can verify it by whoami command.

  • whoami

After getting the shell for bandit26 we type ls -l command to see the file along with there permission and ownership. As we can see bandit27-do has ownership by bandit27 means it can be run as bandit27. So we will run the command as bandit27 and get the password.

level 26
  • ls -l
  • ./bandit27-do cat /etc/bandit_pass/bandit27

bandit level 27 → 28

As we are instructed we have to get a git repository and find the password in it. First, we will make a temporary directory in /tmp folder then we will use “git clone” to download the repository in our temporary folder. We will enter the password of the git repository the same as the password of the bandit27 user.

git

After downloading the git repository we use “git log” and see there is only one commit as README. Then we will use cat command to get the password from the README file.

README
  • cd /repo
  • git log
  • cat README

bandit level 28 → 29

As we are instructed we have to get a git repository and find the password in it. First, we will make a temporary directory in /tmp folder then we will use “git clone” to download the repository in our temporary folder. Then we will enter the password of the git repository the same as the password of the bandit28 user.

bandit level 28

After download git repository we use git log command to see the information about all the commits made. As we can see there is commit called add missing data. There is a probability that missing data is password for next level.

git log
  • git log

After that we will go to the commit with comment add missing data. So we will use git checkout “commit-ID” to go inside that commit. Then we use cat command to read the content of README.md and get the password.

  • git checkout c086d
  • cat README.md

bandit level 29 → 30

As we are instructed we will get a git repository and find the password in it. First, we will make a temporary directory in /tmp folder then we will use “git clone” to download the repository in our temporary folder. Then we will enter the password of the git repository the same as the password of the bandit29 user.

bandit level 30

After that we see all the commits using git log. But we dont find any useful information regarding password.

  • ls
  • cd repo
  • git log

So we see if there are other branches in the commit because password can be hidden in other branches. Then we use “git branch -a” command to see all the branches in current repository. As we can see one of the branches is called /remotes/origin/master. So we switch to this branch using “git checkout dev” command.

bandit , git ,branch
  • git branch -a
  • git checkout dev

After that we use ls command to see the files. Then we use cat command to read the contents of README.md file and get the password for next level.

bandit , git
  • ls
  • cat README.md

Command we learned.

Share
5 1 vote
Article Rating
Subscribe
Notify of
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback
1 year ago

[…] Bandit overthewire wargames level 26 – 30 […]

trackback
1 year ago

[…] Bandit overthewire wargames level 26 – 30 […]

2
0
Would love your thoughts, please comment.x
()
x