OverTheWire Bandit Guide

here's how to solve the bandit level 28 → 29

Back to the Bandit Guides

Previous Level Guide: Bandit Level 27 → 28

Access

SSH: ssh bandit28@bandit.labs.overthewire.org -p 2220

Password: l0HumqlfvZvCkfFGoor8i11nChA6hYTH

Info

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28. Clone the repository and find the password for the next level.
Commands: git

Theory

To get the password, the instructions say to clone the repository and look for the password there. So, I already explained this in the last level, and the instructions don't give much more insight into what the level will be, so here's the commands again:

git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo

Solution

Same thing as last level:

~$ mktemp -d
/tmp/tmp.Fc0ey7V6Ww

~$ cd /tmp/tmp.Fc0ey7V6Ww

/tmp/tmp.Fc0ey7V6Ww$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
...
Resolving deltas: 100% (2/2), done.

Now that we have the repository, let's look what's inside:

/tmp/tmp.Fc0ey7V6Ww$ ls
repo

/tmp/tmp.Fc0ey7V6Ww$ cd repo

/tmp/tmp.Fc0ey7V6Ww/repo$ ls -la
total 16
drwxrwxr-x 3 bandit28 bandit28 4096 Jan  7 15:05 .
drwx------ 3 bandit28 bandit28 4096 Jan  7 15:04 ..
drwxrwxr-x 8 bandit28 bandit28 4096 Jan  7 15:05 .git
-rw-rw-r-- 1 bandit28 bandit28  111 Jan  7 15:05 README.md

/tmp/tmp.Fc0ey7V6Ww/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

Looks like the password isn't here, let's try looking at the history:

/tmp/tmp.Fc0ey7V6Ww/repo$ git log
commit 817e303aa6c2b207ea043c7bba1bb7575dc4ea73 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    fix info leak

commit 3621de89d8eac9d3b64302bfb2dc67e9a566decd
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    add missing data

commit 0622b73250502618babac3d174724bb303c32182
Author: Ben Dover <noone@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    initial commit of README.md

So, it seems like the password was put there, but then removed because it was an "info leak". We can see the commit to see what changed, aka what password was removed:

/tmp/tmp.Fc0ey7V6Ww/repo$ git show 817e303aa6c2b207ea043c7bba1bb7575dc4ea73
commit 817e303aa6c2b207ea043c7bba1bb7575dc4ea73 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Sep 19 07:08:39 2024 +0000

    fix info leak

diff --git a/README.md b/README.md
index d4e3b74..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
 ## credentials

 - username: bandit29
-- password: xfM5zibexvGC9tNeATKttIeVoxRdvez7
+- password: xxxxxxxxxx

And that's the password! Now we should be good to go to the next level.

https://overthewire.org/wargames/bandit/bandit29.html
Next Level Guide: Bandit Level 29 → Level 30

Explore My Website