OverTheWire - Bandit: Level 31 to Level 32
The git stuff does not end yet, so we keep on with the same start-up as before.
There is a git repository at
ssh://bandit30-git@localhost/home/bandit30-git/repo
via the port2220
. The password for the userbandit30-git
is the same as for the userbandit30
.Clone the repository and find the password for the next level.
We start over, getting an overview of the repository. Reading the README
and taking a look into available branches and the git-history.
The README
contains only the text just an epmty file... muahaha
. There are no additional branches and the git log has only one entry - the creation of README.md
.
A command, similar to git branch
is git tag
. This command wasn’t necessary yet, but now it seems promising, because there is a tag called secret
:
1 $ git tag -l
2 secret
Maybe there is something where this tag points to (git show-ref
). Therefore, query where it points to and then check-out the commit.
1 $ git show-ref --tags
2 831aac2e2341f009e40e46392a4f5dd318483019 refs/tags/secret
3 $ git checkout tags/secret -b secret-branch
4 fatal: reference is not a tree: tags/secret
Trying to checkout the tag-state does not work. Still, there is this tag, so there must be another way.
When peeking into .git/objects
one can see the pack
directory containing two files:
1 $ ls -al .git/objects/pack
2 total 16
3 drwxrwxr-x 2 bandit30 bandit30 4096 Nov 12 18:08 .
4 drwxrwxr-x 4 bandit30 bandit30 4096 Nov 12 18:08 ..
5 -r--r--r-- 1 bandit30 bandit30 1184 Nov 12 18:08 pack-5dd047e45dd131498476a052c2995fd1aae73453.idx
6 -r--r--r-- 1 bandit30 bandit30 299 Nov 12 18:08 pack-5dd047e45dd131498476a052c2995fd1aae73453.pack
Such files are used to store the state of files, commits and stuff in a compressed way. To get a rough guess on the content of a pack
files one can use the git verify-pack
util.
1 git verify-pack -v .git/objects/pack/pack-5dd047e45dd131498476a052c2995fd1aae73453.pack
2 d39631d73f786269b895ae9a7b14760cbf40a99f commit 194 138 12
3 831aac2e2341f009e40e46392a4f5dd318483019 blob 33 43 150
4 bd85592e905590f084b8df33363a46f9ac4aa708 tree 37 48 193
5 029ba421ef4c34205d52133f8da3d69bc1853777 blob 30 38 241
6 non delta: 4 objects
7 .git/objects/pack/pack-5dd047e45dd131498476a052c2995fd1aae73453.pack: ok
In here we can see the hash of the ref the secret
tag points to again: 831aac2e2341f009e40e46392a4f5dd318483019
It is designated to a blob
which is a file in git
-ish. Details of objects can be inspected using the git show
util, which leads to our next password:
1 $ git show 831aac2e2341f009e40e46392a4f5dd318483019
2 OoffzGDlzhAlerFJ2cAiz1D41JW1Mhmt
Alternatively one could use git cat-file
to check the type of the object and to print its content:
1 $ git cat-file -t 831aac2e2341f009e40e46392a4f5dd318483019
2 blob
3 $ git cat-file -p 831aac2e2341f009e40e46392a4f5dd318483019
4 OoffzGDlzhAlerFJ2cAiz1D41JW1Mhmt
The secret
was a dangling blob
:
Dangling blob = A change that made it to the staging area/index, but never got committed. One thing that is amazing with Git is that once it gets added to the staging area, you can always get it back because these blobs behave like commits in that they have a hash too!! ~ What is a dangling commit and a blob in a Git repository and where do they come from?