OverTheWire - Bandit: Level 29 to Level 30
There is a git repository at
ssh://bandit28-git@localhost/home/bandit28-git/repo
via the port2220
. The password for the userbandit28-git
is the same as for the userbandit28
.
Clone the repository and find the password for the next level.
The start of this level is the same procedure as for the level before: Creating a temporary directory and cloning the repository.
1 $ mkdir /tmp/shoujin_level_28
2 $ cd /tmp/shoujin_level_28
3 $ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
4 $ cd repo
This time, the README
has the following content:
1 $ cat README
2 # Bandit Notes
3 Some notes for level29 of bandit.
4
5 ## credentials
6
7 - username: bandit29
8 - password: xxxxxxxxxx
As it can be tested using su bandit29
this isn’t the actual password. But, maybe the password was written in this file in the past. So, let’s peek into the file’s history.
1 $ git log -p -- README.md
2 commit 14f754b3ba6531a2b89df6ccae6446e8969a41f3 (HEAD -> master, origin/master, origin/HEAD)
3 Author: Morla Porla <morla@overthewire.org>
4 Date: Thu Oct 5 06:19:41 2023 +0000
5
6 fix info leak
7
8 diff --git a/README.md b/README.md
9 index b302105..5c6457b 100644
10 --- a/README.md
11 +++ b/README.md
12 @@ -4,5 +4,5 @@ Some notes for level29 of bandit.
13 ## credentials
14
15 - username: bandit29
16 -- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
17 +- password: xxxxxxxxxx
18
19
20 commit f08b9cc63fa1a4602fb065257633c2dae6e5651b
21 Author: Morla Porla <morla@overthewire.org>
22 Date: Thu Oct 5 06:19:41 2023 +0000
23
24 add missing data
25
26 diff --git a/README.md b/README.md
27 index 7ba2d2f..b302105 100644
28 --- a/README.md
29 +++ b/README.md
30 @@ -4,5 +4,5 @@ Some notes for level29 of bandit.
31 ## credentials
32
33 - username: bandit29
34 -- password: <TBD>
35 +- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
36
37
38 commit a645bcc508c63f081234911d2f631f87cf469258
39 Author: Ben Dover <noone@overthewire.org>
40 Date: Thu Oct 5 06:19:41 2023 +0000
41
42 initial commit of README.md
43
44 diff --git a/README.md b/README.md
45 new file mode 100644
46 index 0000000..7ba2d2f
47 --- /dev/null
48 +++ b/README.md
49 @@ -0,0 +1,8 @@
50 +# Bandit Notes
51 +Some notes for level29 of bandit.
52 +
53 +## credentials
54 +
55 +- username: bandit29
56 +- password: <TBD>
57 +
58
There it is!
1 tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
The password has been added with the commit f08b9cc63fa1a4602fb065257633c2dae6e5651b
by someone named Morla Porla
and just a moment later the password has been removed again.