OverTheWire Bandit Guide

here's how to solve the bandit level 29 → 30

Back to the Bandit Guides

Previous Level Guide: Bandit Level 28 → 29

Access

SSH: ssh bandit29@bandit.labs.overthewire.org -p 2220

Password: xfM5zibexvGC9tNeATKttIeVoxRdvez7

Info

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29. Clone the repository and find the password for the next level.
Commands: git

Theory

To get the password, the instructions say to clone the repository and look for the password there. So, I already explained this in the last last level, and the instructions don't give much more insight into what the level will be, so here's the commands again:

git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo

Solution

Same thing as last last level:

~$ mktemp -d
/tmp/tmp.D4dFuWHXng

~$ cd /tmp/tmp.D4dFuWHXng

/tmp/tmp.D4dFuWHXng$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
...
Resolving deltas: 100% (2/2), done.

Now that we have the repository, let's look what's inside:

/tmp/tmp.D4dFuWHXng$ ls
repo

/tmp/tmp.D4dFuWHXng$ cd repo

/tmp/tmp.D4dFuWHXng/repo$ ls -la
total 16
drwxrwxr-x 3 bandit29 bandit29 4096 Jan  7 15:11 .
drwx------ 3 bandit29 bandit29 4096 Jan  7 15:11 ..
drwxrwxr-x 8 bandit29 bandit29 4096 Jan  7 15:11 .git
-rw-rw-r-- 1 bandit29 bandit29  131 Jan  7 15:11 README.md

/tmp/tmp.D4dFuWHXng/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

Looks like the password isn't here, also the phrase "no passwords in production" sounds like it should be in another branch:

/tmp/tmp.D4dFuWHXng/repo$ git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/dev
  remotes/origin/master
  remotes/origin/sploits-dev

Now that we have all the branches, the dev one seems like right option, because if the password isn't in production, then it must be in development:

/tmp/tmp.D4dFuWHXng/repo$ git checkout dev
branch 'dev' set up to track 'origin/dev'.
Switched to a new branch 'dev'

/tmp/tmp.D4dFuWHXng/repo$ ls -la
total 20
drwxrwxr-x 4 bandit29 bandit29 4096 Jan  7 15:13 .
drwx------ 3 bandit29 bandit29 4096 Jan  7 15:11 ..
drwxrwxr-x 2 bandit29 bandit29 4096 Jan  7 15:13 code
drwxrwxr-x 8 bandit29 bandit29 4096 Jan  7 15:13 .git
-rw-rw-r-- 1 bandit29 bandit29  134 Jan  7 15:13 README.md

/tmp/tmp.D4dFuWHXng/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: cvJfYKNlrTRaaAOjjbmAiQ7NT0ZxTVyp

It was right. That's the password! Now we should be good to go to the next level.

https://overthewire.org/wargames/bandit/bandit30.html
Next Level Guide: Bandit Level 30 → Level 31

Explore My Website