Level 30
Level Goal
There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
Once again a git challenge. Let's start by logging in as bandit29 and cloning the repo:
bandit29@bandit:~$ mkdir /tmp/bandit29
bandit29@bandit:~$ cd /tmp/bandit29
bandit29@bandit:/tmp/bandit29$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), 1.43 KiB | 0 bytes/s, done.
Resolving deltas: 100% (2/2), done.
Let's look at the contents of the README.md file it contains:
bandit29@bandit:/tmp/bandit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: <no passwords in production!>
Looking at the history, we get:
bandit29@bandit:/tmp/bandit29/repo$ git log
commit 208f463b5b3992906eabf23c562eda3277fea912
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:51 2020 +0200
fix username
commit 18a6fd6d5ef7f0874bbdda2fa0d77b3b81fd63f7
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:51 2020 +0200
initial commit of README.md
Let's run a git diff between the two commits:
bandit29@bandit:/tmp/bandit29/repo$ git diff 18a6fd6d5ef7f0874bbdda2fa0d77b3b81fd63f7..208f463b5b3992906eabf23c562eda3277fea912
diff --git a/README.md b/README.md
index 2da2f39..1af21d3 100644
--- a/README.md
+++ b/README.md
@@ -3,6 +3,6 @@ Some notes for bandit30 of bandit.
## credentials
-- username: bandit29
+- username: bandit30
- password: <no passwords in production!>
As expected, nothing very interesting turns up.
Two options are available to us:
- use the command
git log --full-history --all
to display all the commits made on the repository, including those that have been squashed
- search the commit contents directly with a regex, since we know the password is always a string of 32 lowercase letters and digits
With the first option we get the list of all commits; the one we're interested in is fairly obvious:
bandit29@bandit:/tmp/bandit29/repo$ git log --full-history --all
commit bc833286fca18a3948aec989f7025e23ffc16c07
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:52 2020 +0200
add data needed for development
commit 208f463b5b3992906eabf23c562eda3277fea912
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:51 2020 +0200
fix username
commit 786d5bea2bd2dcbed2c8896a310c3c5306bc713c
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:51 2020 +0200
add some silly exploit, just for shit and giggles
commit 8e6c203f885bd4cd77602f8b9a9ea479929ffa57
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:51 2020 +0200
add gif2ascii
commit 18a6fd6d5ef7f0874bbdda2fa0d77b3b81fd63f7
Author: Ben Dover <noone@overthewire.org>
Date: Thu May 7 20:14:51 2020 +0200
With the second option, the following command finds the commit we're interested in:
bandit29@bandit:/tmp/bandit29/repo$ git log -G'[a-z0-9]{32}' --full-history --all
commit bc833286fca18a3948aec989f7025e23ffc16c07
Author: Morla Porla <morla@overthewire.org>
Date: Thu May 7 20:14:52 2020 +0200
add data needed for development
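The regex approach above, taken one step further as an added example (not part of the original write-up): `git log -G` flags any changed line that matches, so this filter over `git log --all -p` output reports only tokens of exactly 32 characters, with the commit and the side of the diff they sit on. The sample log, its hashes and the token are constructed and abbreviated.

```shell
#!/bin/sh
# Added example (not from the original write-up). Reads `git log --all -p`
# output on stdin and prints "<commit> <+|-> <token>" for every changed line
# holding a token of exactly 32 characters from [a-z0-9].
find_secret_commits() {
    awk '
        /^commit [0-9a-f]+/ { commit = $2; hunk = 0; next }  # new commit header
        /^diff --git /      { hunk = 0; next }               # file headers follow
        /^@@ /              { hunk = 1; next }               # hunk body starts
        hunk && /^[+-]/ {
            # Split on anything outside [a-z0-9] and test each token length,
            # so 40-character object ids and longer strings are not reported.
            n = split(substr($0, 2), tok, /[^a-z0-9]+/)
            for (i = 1; i <= n; i++)
                if (length(tok[i]) == 32)
                    print commit, substr($0, 1, 1), tok[i]
        }
    '
}

# Constructed, abbreviated sample input: hashes and the token are placeholders.
sample_log() {
    cat <<'EOF'
commit aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (origin/dev)

    add data needed for development

diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@
 - username: demo
-- password: <no passwords in production!>
+- password: 0123456789abcdef0123456789abcdef
+- build: cccccccccccccccccccccccccccccccccccccccc
commit bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb (HEAD -> master)

    fix username

diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -3,6 +3,6 @@
-- username: demo0
+- username: demo
EOF
}

sample_log | find_secret_commits
```

Against a real clone, the same function is fed with `git -C repo log --all -p | find_secret_commits`, where `repo` is an assumed path.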
We can then recover the password using the commit hash:
bandit29@bandit:/tmp/bandit29/repo$ git diff bc833286fca18a3948aec989f7025e23ffc16c07
diff --git a/README.md b/README.md
index 39b87a8..1af21d3 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for bandit30 of bandit.
## credentials
- username: bandit30
-- password: 5b90576bedb2cc04c86a9e924ce42faf
+- password: <no passwords in production!>
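Review bot: in the README.md credentials hunk, the `- password:` line on the `-` side holds what looks like a real credential in plaintext, while only the `+` side carries the `<no passwords in production!>` placeholder. Swapping in a placeholder on one side leaves the value readable in the other commit for anyone who can fetch it, so the credential should be rotated and kept out of tracked files altogether, with the placeholder used from the first commit.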
diff --git a/code/gif2ascii.py b/code/gif2ascii.py
deleted file mode 100644
index 8b13789..0000000
--- a/code/gif2ascii.py
+++ /dev/null
@@ -1 +0,0 @@
-