
Bandit20

Website URL: http://overthewire.org/wargames/bandit/bandit20.html

 

Let’s log into the game server as bandit19.

Fig 1.

The task:

To gain access to the next level, you should use the setuid binary in the home directory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Let’s find the binary and execute it:

ls
Fig 2.

Okay, so the binary lets us run a command as another user. According to the Bandit configuration, the password for bandit20 should be available at the following path: /etc/bandit_pass/bandit20.

This file should have permissions that make it accessible only to bandit20. Let’s confirm this:

ls -al /etc/bandit_pass/bandit20
Fig 3.

So, we cannot access it directly from the current shell. Let’s use the binary we’ve been provided with to read the file instead.

Fig 4.

Mission accomplished!
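
The permission reasoning behind this level, as an added example that is not part of the original post: the script checks that a file is readable by its owner only and reports which user a setuid program would run as. It assumes GNU coreutils stat; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils `stat`.

# Who will a program run as? With the setuid bit set, the process gets the
# file owner's effective UID; otherwise it keeps the caller's.
runs_as() {
    if [ -u "$1" ] && [ -x "$1" ]; then
        echo "setuid:$(stat -c '%U' "$1")"
    else
        echo "caller:$(id -un 2>/dev/null || id -u)"
    fi
}

# Succeed only if neither group nor others can read the file.
# %A prints e.g. "-r--------": char 5 is group read, char 8 is other read.
owner_only_read() {
    case "$(stat -c '%A' "$1")" in
        ????r*|???????r*) return 1 ;;
    esac
    return 0
}

# Constructed stand-ins for the level's password file and helper binary.
# The kernel ignores setuid on scripts; the helper here only carries the
# mode bits so they can be inspected.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'sample-secret\n' > "$dir/secret"; chmod 400 "$dir/secret"
    printf '#!/bin/sh\n' > "$dir/helper";     chmod 4750 "$dir/helper"
    owner_only_read "$dir/secret" && echo "secret: readable by owner only"
    echo "helper: $(runs_as "$dir/helper")"
    echo "secret as a program: $(runs_as "$dir/secret")"
    rm -rf "$dir"
}
demo
```

On the game server the same two checks explain the result: the password file passes the owner-only test, and the helper in the home directory reports the next level's user as its effective owner.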
