BanditOverTheWire

Bandit30

Website URL: http://overthewire.org/wargames/bandit/bandit30.html

Let’s log in to the server as bandit29.

Fig. 1

The task is as follows:

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.

The problem statement is the same as the previous one. Let’s see what’s different in this repository. But before going there, let’s prepare the working directory:

mkdir /tmp/bandit30solving2018
cd /tmp/bandit30solving2018
Fig. 2

Now, cloning the repository.

git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
cd repo
ls
Fig. 3

Let’s see what README.md has for us this time.

cat README.md
Fig. 4

As expected, the password isn’t in this file. Let’s check out the commit history.

git log
Fig. 5

It seems that this time we cannot get it from one of the previous commits, at least not from the commit messages. We can confirm that by inspecting the previous two commits (a task left to you ;).

Instead, let’s focus on the cryptic message that’s given to us in README.md, i.e. no passwords in production!

This term might refer to a production branch (a convention typically used by the git community). This hints at the possible existence of another branch. Let’s explore that.

git show-branch -a --list
Fig. 6

Going through the branches, the dev branch seems interesting. Let’s switch to that branch.

git checkout dev
Fig. 7

Let’s check what the README.md has to say about this branch.

cat README.md
Fig. 8

Mission accomplished!
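
The defender's side of this level, as an added example that is not part of the original post: a shell function that searches every branch of a repository for credential-like lines without checking anything out. The demo repository, its README contents and the placeholder value are constructed for illustration, and `scan_refs` and `make_demo_repo` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit all branches for credential-like lines.

# scan_refs REPO PATTERN
# Prints "<ref>:<path>:<line>" for each match on any local or
# remote-tracking branch. PATTERN is an extended regex.
scan_refs() {
    r=$1
    pat=$2
    git -C "$r" for-each-ref --format='%(refname)' refs/heads refs/remotes |
    while read -r ref; do
        # origin/HEAD is a symbolic ref that duplicates another branch
        case $ref in */HEAD) continue ;; esac
        # git grep exits 1 when a branch has no match; that is not an error
        git -C "$r" grep --no-color -I -i -E -e "$pat" "$ref" -- || true
    done
    return 0
}

# make_demo_repo: builds a constructed two-branch repository and prints its path.
# master carries only a placeholder, dev carries a credential-like value.
make_demo_repo() {
    d=$(mktemp -d)
    id='-c user.name=demo -c user.email=demo@example.invalid'
    git init -q "$d"
    git -C "$d" symbolic-ref HEAD refs/heads/master
    printf 'username: demo\npassword: <no passwords in production!>\n' > "$d/README.md"
    git -C "$d" add README.md
    git -C "$d" $id commit -q -m 'initial commit'
    git -C "$d" checkout -q -b dev
    printf 'username: demo\npassword: EXAMPLE-PLACEHOLDER\n' > "$d/README.md"
    git -C "$d" $id commit -q -am 'add data needed for development'
    git -C "$d" checkout -q master
    echo "$d"
}

# Demo run: only the dev branch is reported, although master is checked out.
demo=$(make_demo_repo)
scan_refs "$demo" 'password: *[A-Za-z0-9]'
rm -rf "$demo"
```

Run against a real clone, the same function covers remote-tracking branches such as origin/dev, which is where this level's README differs from the one on the default branch.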
