OverTheWire Bandit Levels 26-30

Level 26

Good job getting a shell! Now hurry and grab the password for bandit27!

bandit26@bandit:~$ ls
bandit27-do  text.txt
bandit26@bandit:~$ ./bandit27-do
Run a command as another user.
  Example: ./bandit27-do id
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
<PASSWORD>
bandit26@bandit:~$ ssh bandit27@localhost
bandit27@localhost's password:

Level 27

There is a git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo. The password for the user bandit27-git is the same as for the user bandit27.

bandit27@bandit:~$ mkdir /tmp/scottctaylor12
bandit27@bandit:~$ chmod 777 /tmp/scottctaylor12
bandit27@bandit:~$ cd /tmp/scottctaylor12
bandit27@bandit:/tmp/scottctaylor12$ git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
bandit27-git@localhost's password:
bandit27@bandit:/tmp/scottctaylor12$ ls
repo
bandit27@bandit:/tmp/scottctaylor12$ cd repo/
bandit27@bandit:/tmp/scottctaylor12/repo$ ls
README
bandit27@bandit:/tmp/scottctaylor12/repo$ cat README
The password to the next level is: <PASSWORD>
bandit27@bandit:~$ ssh bandit28@localhost
bandit28@localhost's password:

Level 28

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.

bandit28@bandit:~$ cd /tmp/scottctaylor12
bandit28@bandit:/tmp/scottctaylor12$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
bandit28-git@localhost's password:
bandit28@bandit:/tmp/scottctaylor12$ ls
repo
bandit28@bandit:/tmp/scottctaylor12$ cd repo/
bandit28@bandit:/tmp/scottctaylor12/repo$ ls
README.md
bandit28@bandit:/tmp/scottctaylor12/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

bandit28@bandit:/tmp/scottctaylor12/repo$ git log
commit 04f400829a9629fa7b62528ab7331293902fdfc8
Author: Morla Porla <morla@overthewire.org>
Date:   Sun Sep 16 22:43:29 2018 +0200

    fix info leak

commit aa59d7752b70ccf6d230fba806dd81458abc26d7
Author: Morla Porla <morla@overthewire.org>
Date:   Sun Sep 16 22:43:29 2018 +0200

    add missing data

commit bfce6960fd376159b2fba9ebf5ea844bfce8d1b7
Author: Ben Dover <noone@overthewire.org>
Date:   Sun Sep 16 22:43:29 2018 +0200

    initial commit of README.md
bandit28@bandit:/tmp/scottctaylor12/repo$ git checkout aa59d7752b70ccf6d230fba806dd81458abc26d7
Note: checking out 'aa59d7752b70ccf6d230fba806dd81458abc26d7'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b <new-branch-name>

HEAD is now at aa59d77... add missing data
bandit28@bandit:/tmp/scottctaylor12/repo$ ls
README.md
bandit28@bandit:/tmp/scottctaylor12/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: <PASSWORD>

bandit28@bandit:/tmp/scottctaylor12/repo$ ssh bandit29@localhost
bandit29@localhost's password:

Level 29

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29. Clone the repository and find the password for the next level.

bandit29@bandit:~$ cd /tmp/scottctaylor12
bandit29@bandit:/tmp/scottctaylor12$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/scottctaylor12$ ls
repo
bandit29@bandit:/tmp/scottctaylor12$ cd repo/
bandit29@bandit:/tmp/scottctaylor12/repo$ ls
README.md
bandit29@bandit:/tmp/scottctaylor12/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

bandit29@bandit:/tmp/scottctaylor12/repo$ git checkout dev
Branch dev set up to track remote branch dev from origin.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/scottctaylor12/repo$ ls
code  README.md
bandit29@bandit:/tmp/scottctaylor12/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <PASSWORD>

bandit29@bandit:/tmp/scottctaylor12/repo$ ssh bandit30@localhost
bandit30@localhost's password:

Level 30

There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30. Clone the repository and find the password for the next level.

bandit30@bandit:~$ cd /tmp/scottctaylor12
bandit30@bandit:/tmp/scottctaylor12$ git clone ssh://bandit30-git@localhost/home/bandit30-git/repo
bandit30-git@localhost's password:

bandit30@bandit:/tmp/scottctaylor12$ cd repo/
bandit30@bandit:/tmp/scottctaylor12/repo$ ls
README.md
bandit30@bandit:/tmp/scottctaylor12/repo$ cat README.md
just an epmty file... muahaha
bandit30@bandit:/tmp/scottctaylor12/repo$ cd .git
bandit30@bandit:/tmp/scottctaylor12/repo/.git$ ls
branches  config  description  FETCH_HEAD  HEAD  hooks  index  info  logs  objects  ORIG_HEAD  packed-refs  refs
bandit30@bandit:/tmp/scottctaylor12/repo/.git$ cat packed-refs
# pack-refs with: peeled fully-peeled
942f2e54a6297c2f7229523fabbccbb189373571 refs/remotes/origin/master
f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea refs/tags/secret
bandit30@bandit:/tmp/scottctaylor12/repo/.git$ git show f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea
<PASSWORD>

Continue to OverTheWire Bandit Levels 31-34