OverTheWire: Bandit Level 19 → Level 20


Level Goal

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Helpful Reading Material


We have been told there is an binary file that is present in the home directory which somehow can help us to access the password of bandit20. Lets have a look at the binary

bandit19@bandit:~$ ls
bandit19@bandit:~$ ls -l
total 8
-rwsr-x--- 1 bandit20 bandit19 7296 May 7 2020 bandit20-do

We can see that the file is called bandit20-do and when we list the details of the file we can see that the binary file can be executed by the current user (bandit19) and it is owned by bandit20

To run an executable file we just need to specify its name along with the location. The file is in the current working directory so we can use ./<filename> to access the file

bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
Example: ./bandit20-do id

The file tells us that it allows us to run a command as another user. Lets see an example of running an command as another user using the id command

bandit19@bandit:~$ id
uid=11019(bandit19) gid=11019(bandit19) groups=11019(bandit19)
bandit19@bandit:~$ ./bandit20-do id
uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)

We observe that when we use the binary file we are assigned the uid for bandit20 as well which means we can run commands as if we are bandit20

Now that we know we can run commands as bandit20 so lets use the binary to access the password of user bandit20

bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20

We have found the password for the next level !!!

Logout of the current session and start the next level using the password of bandit20

> ssh bandit20@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit20@bandit.labs.overthewire.org's password: GbKksEFF4yrVs6il55v6gwY5aVje5f0j

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Have a MacBook with a TouchBar? — you need BetterTouchTool

Confident Testing: Why Unit-Testing Over Integration-Testing

Using Roam Research with the altMBA

You can use Speechelo to create voiceovers for your:

Automating an end-to-end Data Pipeline on AWS Cloud

Introduction To Java Date & Time

The Coding Languages of WordPress — SQL

An alternative GitHub Gist viewer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
David Varghese

David Varghese

More from Medium

Static Code Analysis

Docker kernel uniqueness

How To Install Kodi 19.4 in Ubuntu 20.04 / LinuxMint

Kodi logo

To future me, here is the way to set JAVA_HOME