OverTheWire - Bandit: Level 30 to Level 31

Again, a git repository is provided, from which the credentials have to be acquired.

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.

Clone the repository and find the password for the next level.

After cloning, we can take a look into the README:

1
$ cat README.md 
2
# Bandit Notes
3
Some notes for bandit30 of bandit.
4

5
## credentials
6

7
- username: bandit30
8
- password: <no passwords in production!>

Even though there aren’t any passwords in production, maybe there is a develop-branch which contains passwords?

1
$ git branch -a
2
* master
3
  remotes/origin/HEAD -> origin/master
4
  remotes/origin/dev
5
  remotes/origin/master
6
  remotes/origin/sploits-dev

There are two more branches: dev and sploits-dev Let’s start by switching branch to dev.

1
$ git switch dev
2
Branch 'dev' set up to track remote branch 'dev' from 'origin'.
3
Switched to a new branch 'dev'
4
$ ls -al
5
total 20
6
drwxrwxr-x 4 bandit29 bandit29 4096 Nov 12 13:08 .
7
drwxrwxr-x 3 bandit29 bandit29 4096 Nov 12 13:04 ..
8
drwxrwxr-x 2 bandit29 bandit29 4096 Nov 12 13:08 code
9
drwxrwxr-x 8 bandit29 bandit29 4096 Nov 12 13:08 .git
10
-rw-rw-r-- 1 bandit29 bandit29  134 Nov 12 13:08 README.md

Again there is a README file and again it contains a password:

1
Some notes for bandit30 of bandit.
2

3
## credentials
4

5
- username: bandit30
6
- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS

Kategorien: #/writeups/; #/overthewire/

Tags: #/security/; #/hacking/; #/bash/; #/linux/; #/ctf/