OverTheWire: Bandit Level 18 → Level 19
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
Commands you may need to solve this level
ssh, ls, cat
> whatis ssh
ssh (1) - OpenSSH remote login client> whatis ls
ls (1) - list directory contents> whatis cat
cat (1) - concatenate files and print on the standard output
Note : Not all commands are required to complete the level
From reading the question we understand that we cannot login directly as the default shell “Bash” has been modified to not allow any login using SSH. So we need to use a shell other than bash to access the system.
The details of all the shells that are available on a system is stored under
/etc/shells . Lets look at the file on our system to get an idea of what are the different shells that could be present on the target (Only on Linux)
> cat /etc/shells
# /etc/shells: valid login shells
Note : Each line in the file represents an shell that is present on the system
Now that we have an idea of some of the shells that should be preset on all systems we can try logging with them using SSH. The
-t flag of the SSH command is used to specify the shell to be used to login into the system.
$ ssh firstname.lastname@example.org -p 2220 -t "/bin/sh"
This is a OverTheWire game server. More information on http://email@example.com's password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
We have managed to login successfully using the “sh” shell
Find the password that is present in the readme file
readme$ cat readme
We have got the password for the next level !!!
Logout of the current session and login into the next level using the password for bandit19
> ssh firstname.lastname@example.org -p 2220
This is a OverTheWire game server. More information on http://email@example.com's password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x