OverTheWire - Bandit 0-33
The Bandit wargame on OverTheWire.org is aimed at absolute beginners. The goal is to teach the Linux basics needed to be able to play other wargames and compete in CTFs. This post contains my solutions all the currently released Bandit challenges.
bandit 0
$ ssh -p 2220 bandit0@bandit.labs.overthewire.org
# enter given pass: bandit0
$ cat readme
boJ9jbbUNNfktd78OOpsqOltutMc3MY1
bandit1
$ ssh -p 2220 bandit1@bandit.labs.overthewire.org
# enter: boJ9jbbUNNfktd78OOpsqOltutMc3MY1
$ cat ./-
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
# dashed filename requires more explicit path (delimit)
bandit2
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit2
# enter: CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
$ cat spaces\ in\ this\ filename
UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
# autocomplete with tab
# alternatively define explicitly with "spaces in this filename"
bandit3
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit3
# enter: UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
$ cd inhere
$ ls -a
$ cat .hidden
pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit4
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit4
# enter: pIwrPrtPN36QITSp3EQaw936yaFoFgAB
$ cd inhere
~/inhere$ file ./*
./-file00: data
./-file01: data
./-file02: data
./-file03: data
./-file04: data
./-file05: data
./-file06: data
./-file07: ASCII text
./-file08: data
./-file09: data
$ cat ./-file07
koReBOKuIDDepwhWk7jZC0RTdopnAYKh
# ---OR---
bandit4@bandit:~/inhere$ cat $(file ./* | grep text | cut -d ":" -f 1)
bandit5
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit5
# enter: koReBOKuIDDepwhWk7jZC0RTdopnAYKh
$ cd inhere
$ find ./ -size 1033c ! -executable | xargs file | grep text
./inhere/maybehere07/.file2: ASCII text, with very long lines
# `c' for bytes
$ cat inhere/maybehere07/.file2
DXjZPULLxYr17uwoI01bNLQbtFemEgo7
bandit6
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit6
# enter: DXjZPULLxYr17uwoI01bNLQbtFemEgo7
$ find / -user bandit7 -group bandit6 -size 33c 2>/dev/null -exec cat {} \;
HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit7
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit7
# enter: HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
$ cat data.txt | grep "millionth"
millionth cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit8
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit8
# enter: cvX2JJa4CFALtqS87jk27qwqGhBM9plV
$ sort data.txt | uniq -u
UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
bandit9
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit9
# enter: UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
$ strings data.txt | grep '=='
2========== the
========== password
========== isa
========== truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
bandit10
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit10
# enter: truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
$ base64 -d data.txt
The password is IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
bandit11
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit11
# enter: IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
$ cat data.txt | tr '[A-Za-z]' '[N-ZA-Mn-za-m]'
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
bandit12
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit12
# enter: 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
$ mkdir /tmp/a12
$ cd /tmp/a12
$ cp ~/data.txt .
$ xxd -r data.txt > bdata
$ file bdata
bdata: gzip compressed data, was "data2.bin", last modified: Tue Oct 16 12:00:23 2018, max compression, from Unix
$ mv bdata bdata.gz
$ gunzip bdata.gz
$ file bdata
$ mv bdata bdata.bz2
$ file bdata
$ mv bdata bdata.gz
$ gunzip bdata.gz
$ file bdata
$ tar -xf bdata
$ file data5.bin
$ tar -xf data5.bin
$ file data6.bin
$ file data6.bin.out
$ tar -xf data6.bin.out
$ file data8.bin
$ mv data8.bin d.gz
$ gunzip d.gz
$ cat d
The password is 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
bandit13
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit13
# enter: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
$ ssh -i sshkey.private bandit14@localhost
$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
bandit14
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit14
# enter: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
bandit14@bandit:~$ telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e <---when prompted, type this in
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr
Connection closed by foreign host.
# ---OR---
bandit14@bandit:~$ echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr
bandit15
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit15
# enter: BfMYroe26WYalil77FoDi9qh59eK5xNr
bandit15@bandit:~$ openssl s_client -connect localhost:30001
# enter: BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd
# ---OR---
bandit15@bandit:~$ echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect localhost:30001 -ign_eof
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd
# s_client needs the -ign_eof flag to get the final print out.
# -ign_eof: Inhibit shutting down the connection when end of file is reached in the input.
bandit16
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit16
# enter: cluFn7wTiGryunymYOu4RcffSxQluehd
# nmap flag -sV: Probe open ports to determine service/version info
bandit16@bandit:~$ nmap -p 31000-32000 -sV localhost
....
31518/tcp filtered unknown
31790/tcp open ssl/unknown
....
bandit16@bandit:~$ echo cluFn7wTiGryunymYOu4RcffSxQluehd | openssl s_client -connect localhost:31790 -ign_eof
....
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----
....
bandit16@bandit:~$ mkdir /tmp/sshme && cd $_
# The $_ (dollar underscore) bash command variable contains the most recent parameter
bandit16@bandit:/tmp/sshme$ vi id_rsa
# Paste in the RSA key from clipboard.
bandit16@bandit:/tmp/sshme$ chmod 600 id_rsa
bandit16@bandit:/tmp/sshme$ ssh -i id_rsa bandit17@localhost
bandit17@bandit:~$ cat /etc/bandit_pass/bandit17
xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTn
bandit17
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit17
# enter: xLYVMN9WE5zQ5vHacb0sZEVqbrp7nBTn
bandit17@bandit:~$ diff passwords.old passwords.new
42c42
< hlbSBPAWJmL6WFDb06gpTx1pPButblOA
---
> kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
bandit18
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit18 cat readme
# enter: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
# ---OR---
$ ssh -T -p 2220 bandit.labs.overthewire.org
$ cat readme
bandit19
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit19
# enter: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
Example: ./bandit20-do id
bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
bandit20
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit20
# enter: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
bandit20@bandit:~$ ./suconnect
Usage: ./suconnect <portnumber>
This program will connect to the given port on localhost using TCP. If it receives the correct password from the other side, the next password is transmitted back.
bandit20@bandit:~$ echo "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -l -p 2600 &
[2] 28169
bandit20@bandit:~$ ./suconnect 2600
Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Password matches, sending next password
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
[2]+ Done echo "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -l -p 2600
bandit21
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit21
# enter: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
bandit21@bandit:~$ ls /etc/cron.d
cronjob_bandit22 cronjob_bandit23 cronjob_bandit24
bandit21@bandit:~$ cat /etc/cron.d/cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
bandit22
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit22
# enter: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
bandit22@bandit:~$ cd /etc/cron.d
bandit22@bandit:/etc/cron.d$ ls
cronjob_bandit22 cronjob_bandit23 cronjob_bandit24
bandit22@bandit:/etc/cron.d$ cat cronjob_bandit23
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
bandit22@bandit:/etc/cron.d$ cat /usr/bin/cronjob_bandit23.sh
#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget
bandit22@bandit:/etc/cron.d$ echo I am user bandit23 | md5sum | cut -d ' ' -f 1
8ca319486bfbbc3663ea0fbe81326349
bandit22@bandit:/etc/cron.d$ cat /tmp/$(!!)
cat /tmp/$(echo I am user bandit23 | md5sum | cut -d ' ' -f 1)
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
bandit23
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit23
# enter: jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
bandit23@bandit:~$ cat /etc/cron.d/cronjob_bandit24
@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
bandit23@bandit:~$ cat /usr/bin/cronjob_bandit24.sh
#!/bin/bash
myname=$(whoami)
cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
if [ "$i" != "." -a "$i" != ".." ];
then
echo "Handling $i"
timeout -s 9 60 ./$i
rm -f ./$i
fi
done
bandit23@bandit:~$ mkdir /tmp/spoolme && cd $_
bandit23@bandit:/tmp/spoolme$ echo '#!/bin/bash
>
> cat /etc/bandit_pass/bandit24 > /tmp/spoolme/pass
> ' > my_script.sh
bandit23@bandit:~$ chmod 777 . my_script.sh
bandit23@bandit:~$ cp my_script.sh /var/spool/bandit24/
# waited a while for cronjob to run
bandit23@bandit:~$ ls
my_script.sh pass
bandit23@bandit:/tmp/spoolme$ cat pass
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
bandit24
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit24
# enter: UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
bandit24@bandit:~$ cd /tmp/spoolme
bandit24@bandit:/tmp/spoolme$ echo "
> #!/bin/bash
>
> bandit24=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
> for i in {0000..9999}
> do
> echo $bandit24' '$i | netcat localhost 30002 >> /tmp/spoolme/output.txt
> done" > brute_force.sh
bandit24@bandit:/tmp/spoolme$ touch output.txt
bandit24@bandit:/tmp/spoolme$ ./brute_force.sh
# wait a long while
bandit24@bandit:/tmp/spoolme$ sort output.txt | uniq -u
Correct!
The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
bandit25
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit25
# enter: uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
bandit25@bandit:~$ cat /etc/passwd | grep bandit26
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh
export TERM=linux
more ~/text.txt
exit 0
bandit25@bandit:~$ ssh -i bandit26.sshkey bandit26@localhost
# shrink terminal height to take advantage of 'more'
v
# open vim inside more
:e /etc/bandit_pass/bandit26
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
bandit26
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit26
# enter: 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
# shrink terminal height to take advantage of 'more'
v
:set shell=/bin/bash
:sh
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea
bandit27
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit27
# enter: 3ba3118a22e93127a4ed485be72ef5ea
bandit27@bandit:~$ cd /tmp/spoolme
bandit27@bandit:/tmp/spoolme$ git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
bandit27@bandit:/tmp/spoolme$ cd repo/
bandit27@bandit:/tmp/spoolme/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
bandit28
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit28
# enter: 0ef186ac70e04ea33b4c1853d2526fa2
bandit28@bandit:~$ cd /tmp/spoolme
bandit28@bandit:/tmp/spoolme$ mv repo repo2
bandit28@bandit:/tmp/spoolme$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
bandit28@bandit:/tmp/spoolme$ cd repo
bandit28@bandit:/tmp/spoolme/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: xxxxxxxxxx
bandit28@bandit:/tmp/spoolme/repo$ git log
commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
fix info leak
commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
commit b67405defc6ef44210c53345fc953e6a21338cc7
Author: Ben Dover <noone@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
bandit28@bandit:/tmp/spoolme/repo/.git$ git show 073c27c130e6ee407e12faad1dd3848a110c4f95
commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla <morla@overthewire.org>
Date: Tue Oct 16 14:00:39 2018 +0200
fix info leak
diff --git a/README.md b/README.md
index 3f7cee8..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials
- username: bandit29
-- password: bbc96594b4e001778eee9975372716b2
+- password: xxxxxxxxxx
bandit29
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit29
# enter: bbc96594b4e001778eee9975372716b2
bandit29@bandit:~$ cd /tmp/spoolme
bandit29@bandit:/tmp/spoolme$ mv repo repo2.1
bandit29@bandit:/tmp/spoolme$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
bandit29@bandit:/tmp/spoolme$ cd repo
bandit29@bandit:/tmp/spoolme/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: <no passwords in production!>
bandit29@bandit:/tmp/spoolme/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev
# option -a shows both local and remote branches.
bandit29@bandit:/tmp/spoolme/repo$ git checkout dev
bandit29@bandit:/tmp/spoolme/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: 5b90576bedb2cc04c86a9e924ce42faf
bandit30
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit30
# enter: 5b90576bedb2cc04c86a9e924ce42faf
bandit30@bandit:~$ mkdir /tmp/sloopme && cd $_
bandit30@bandit:/tmp/sloopme$ git clone ssh://bandit30-git@localhost/home/bandit30-git/repo
bandit30@bandit:/tmp/sloopme$ cd repo/
bandit30@bandit:/tmp/sloopme/repo$ cat README.md
just an epmty file... muahaha
bandit30@bandit:/tmp/sloopme/repo$ git tag
secret
bandit30@bandit:/tmp/sloopme/repo$ git show secret
47e603bb428404d265f59c42920d81e5
bandit31
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit31
# enter: 47e603bb428404d265f59c42920d81e5
bandit30@bandit:~$ mkdir /tmp/slow && cd $_
bandit31@bandit:/tmp/slow$ git clone ssh://bandit31-git@localhost/home/bandit31-git/repo
bandit31@bandit:/tmp/slow$ cd repo/
bandit31@bandit:/tmp/slow/repo$ cat README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
bandit31@bandit:/tmp/slow/repo$ vim key.txt
# content of key.txt is: May I come in?
bandit31@bandit:/tmp/slow/repo$ git add -f key.txt
bandit31@bandit:/tmp/slow/repo$ git commit -m "key.txt"
[master 0076ca2] key.txt
1 file changed, 1 insertion(+)
create mode 100644 key.txt
bandit31@bandit:/tmp/slow/repo$ git push
Could not create directory '/home/bandit31/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
Counting objects: 3, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 319 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: ### Attempting to validate files... ####
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
To ssh://localhost/home/bandit31-git/repo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://bandit31-git@localhost/home/bandit31-git/repo'
bandit32
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit32
# enter: 56a9bf19c63d650ce78e6ec0354ee45e
>> $SHELL
WELCOME TO THE UPPERCASE SHELL
>> $0
$ echo $SHELL
/home/bandit32/uppershell
$ echo $0
sh
# $0 is the name of the shell or shell script
# see: https://stackoverflow.com/questions/5163144/what-are-the-special-dollar-sign-shell-variables
$ cat /etc/bandit_pass/bandit33
c9c3199ddf4121b10cf581a98d51caee
bandit33
$ ssh -p 2220 bandit.labs.overthewire.org -l bandit33
# enter: c9c3199ddf4121b10cf581a98d51caee
bandit33@bandit:~$ cat README.txt
Congratulations on solving the last level of this game!
At this moment, there are no more levels to play in this game. However, we are constantly working
on new levels and will most likely expand this game with more levels soon.
Keep an eye out for an announcement on our usual communication channels!
In the meantime, you could play some of our other wargames.
If you have an idea for an awesome new level, please let us know!