Bandit31

Website URL: http://overthewire.org/wargames/bandit/bandit31.html

Let’s log into the server as bandit30

The task is as follows:

There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30.
Clone the repository and find the password for the next level.

Again the same. Let’s prepare ourselves the same way for another round!

mkdir /tmp/bandit31solving2018
cd /tmp/bandit31solving2018
git clone ssh://bandit30-git@localhost/home/bandit30-git/repo
cd repo
cat README.md

Well, is that developer mocking me!? Not to worry, we’ll definitely crack it!

Let’s look at the commit log.

git log

Nothing here….umm, let’s checkout all the branches, see if it leads us somewhere.

git show-branch -a --list

This seems like another dead end. Exploring the hidden directory .git also gets us nowhere.

Maybe, the branch we seek is not downloaded here. Let’s check out all the branches that are there in the remote repository.

git ls-remote

Voila! I see a suspicious tag named ‘secret’. Let’s explore that avenue a bit more.

git tag
git show-ref --tags -d
git cat-file -p f17132340e8ee6c159e0a4a6bc6f80e1da3b1aea

Mission accomplished!