OverTheWire - Bandit: Level 29 to Level 30

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.

Clone the repository and find the password for the next level.

The start of this level is the same procedure as for the level before: Creating a temporary directory and cloning the repository.

1 $ mkdir /tmp/shoujin_level_28
2 $ cd /tmp/shoujin_level_28
3 $ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
4 $ cd repo

This time, the README has the following content:

1 $ cat README
2 # Bandit Notes
3 Some notes for level29 of bandit.
4 
5 ## credentials
6 
7 - username: bandit29
8 - password: xxxxxxxxxx

As it can be tested using su bandit29 this isn’t the actual password. But, maybe the password was written in this file in the past. So, let’s peek into the file’s history.

1 $ git log -p -- README.md
2 commit 14f754b3ba6531a2b89df6ccae6446e8969a41f3 (HEAD -> master, origin/master, origin/HEAD)
3 Author: Morla Porla <morla@overthewire.org>
4 Date:   Thu Oct 5 06:19:41 2023 +0000
5 
6     fix info leak
7 
8 diff --git a/README.md b/README.md
9 index b302105..5c6457b 100644
10 --- a/README.md
11 +++ b/README.md
12 @@ -4,5 +4,5 @@ Some notes for level29 of bandit.
13  ## credentials
14  
15  - username: bandit29
16 -- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
17 +- password: xxxxxxxxxx
18  
19 
20 commit f08b9cc63fa1a4602fb065257633c2dae6e5651b
21 Author: Morla Porla <morla@overthewire.org>
22 Date:   Thu Oct 5 06:19:41 2023 +0000
23 
24     add missing data
25 
26 diff --git a/README.md b/README.md
27 index 7ba2d2f..b302105 100644
28 --- a/README.md
29 +++ b/README.md
30 @@ -4,5 +4,5 @@ Some notes for level29 of bandit.
31  ## credentials
32  
33  - username: bandit29
34 -- password: <TBD>
35 +- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
36  
37 
38 commit a645bcc508c63f081234911d2f631f87cf469258
39 Author: Ben Dover <noone@overthewire.org>
40 Date:   Thu Oct 5 06:19:41 2023 +0000
41 
42     initial commit of README.md
43 
44 diff --git a/README.md b/README.md
45 new file mode 100644
46 index 0000000..7ba2d2f
47 --- /dev/null
48 +++ b/README.md
49 @@ -0,0 +1,8 @@
50 +# Bandit Notes
51 +Some notes for level29 of bandit.
52 +
53 +## credentials
54 +
55 +- username: bandit29
56 +- password: <TBD>
57 +
58

There it is!

1 tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S

The password has been added with the commit f08b9cc63fa1a4602fb065257633c2dae6e5651b by someone named Morla Porla and just a moment later the password has been removed again.

Kategorien: #/writeups/; #/overthewire/

Tags: #/security/; #/hacking/; #/bash/; #/linux/; #/ctf/

1	$ mkdir /tmp/shoujin_level_28
2	$ cd /tmp/shoujin_level_28
3	$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
4	$ cd repo

1	$ cat README
2	# Bandit Notes
3	Some notes for level29 of bandit.
4
5	## credentials
6
7	- username: bandit29
8	- password: xxxxxxxxxx

1	$ git log -p -- README.md
2	commit 14f754b3ba6531a2b89df6ccae6446e8969a41f3 (HEAD -> master, origin/master, origin/HEAD)
3	Author: Morla Porla <morla@overthewire.org>
4	Date: Thu Oct 5 06:19:41 2023 +0000
5
6	fix info leak
7
8	diff --git a/README.md b/README.md
9	index b302105..5c6457b 100644
10	--- a/README.md
11	+++ b/README.md
12	@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
13	## credentials
14
15	- username: bandit29
16	-- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
17	+- password: xxxxxxxxxx
18
19
20	commit f08b9cc63fa1a4602fb065257633c2dae6e5651b
21	Author: Morla Porla <morla@overthewire.org>
22	Date: Thu Oct 5 06:19:41 2023 +0000
23
24	add missing data
25
26	diff --git a/README.md b/README.md
27	index 7ba2d2f..b302105 100644
28	--- a/README.md
29	+++ b/README.md
30	@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
31	## credentials
32
33	- username: bandit29
34	-- password: <TBD>
35	+- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
36
37
38	commit a645bcc508c63f081234911d2f631f87cf469258
39	Author: Ben Dover <noone@overthewire.org>
40	Date: Thu Oct 5 06:19:41 2023 +0000
41
42	initial commit of README.md
43
44	diff --git a/README.md b/README.md
45	new file mode 100644
46	index 0000000..7ba2d2f
47	--- /dev/null
48	+++ b/README.md
49	@@ -0,0 +1,8 @@
50	+# Bandit Notes
51	+Some notes for level29 of bandit.
52	+
53	+## credentials
54	+
55	+- username: bandit29
56	+- password: <TBD>
57	+
58