OverTheWire: Bandit Level 26 → Level 27

https://overthewire.org/wargames/bandit/bandit27.html

Level Goal

Good job getting a shell! Now hurry and grab the password for bandit27!

Commands you may need to solve this level

ls

> whatis ls
ls (1) - list directory contents

Helpful Reading Material

Solution

If you logged out at the end of the last level, perform the same steps as in the last level to log back in as bandit26, but this time from our system.

Make the terminal window short in height so that the more command enters interactive mode.

> ssh bandit26@bandit.labs.overthewire.org -p 2220             
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit26@bandit.labs.overthewire.org's password: 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z

Press “v” to open the file in a text editor (vim by default), then enter the commands below to start a bash shell.

If the above steps were performed properly, you should have a bash shell and be logged in as bandit26.

Note: If the above steps do not make sense, refer to my previous article, where I have explained the process in detail.

Let's see if there are any files in the current working directory.

bandit26@bandit:~$ ls
bandit27-do text.txt
bandit26@bandit:~$ ls -l
total 12
-rwsr-x--- 1 bandit27 bandit26 7296 May 7 2020 bandit27-do
-rw-r----- 1 bandit26 bandit26 258 May 7 2020 text.txt

We see a binary file called “bandit27-do”. Its properties show that the file is owned by bandit27 and that the SUID bit is set (the “s” in “-rwsr-x---”). This means the binary runs with the permissions of its owner, so any command we run through it will have the same permissions as the owner of the binary (in this case, bandit27's permissions).

So let's try to cat the contents of bandit27's password file using the binary.

bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
3ba3118a22e93127a4ed485be72ef5ea

There we go, we have the password for the next level!
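
A listing like the one above is exactly what a setuid audit looks for. As an added example (not part of the original walkthrough), this Python script reports, for every setuid file under a directory, which account it runs as and who besides the owner may execute it; the function names are assumptions of this example.

```python
import grp
import os
import pwd
import stat
import sys


def suid_exposure(mode, owner, group):
    """Describe a setuid regular file; return None for anything else."""
    if not (stat.S_ISREG(mode) and mode & stat.S_ISUID):
        return None
    callers = []  # principals besides the owner that may execute the file
    if mode & stat.S_IXGRP:
        callers.append("group:" + group)
    if mode & stat.S_IXOTH:
        callers.append("everyone")
    return {"mode": stat.filemode(mode), "runs_as": owner, "callers": callers}


def _name(lookup, ident):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def scan(root):
    """Walk `root` and return one finding per setuid file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                st = os.lstat(path)  # lstat: judge the link itself, never its target
            except OSError:
                continue  # vanished or unreadable entry
            info = suid_exposure(st.st_mode, _name(pwd.getpwuid, st.st_uid),
                                 _name(grp.getgrgid, st.st_gid))
            if info:
                info["path"] = path
                findings.append(info)
    return findings


if __name__ == "__main__":
    for f in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f['mode']} {f['path']}: runs as {f['runs_as']}, "
              f"callable by {', '.join(f['callers']) or 'owner only'}")
```

For the mode shown in the listing, the result is "runs as bandit27, callable by group:bandit26", which is why bandit26 can read bandit27's password file through the binary.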

Log out of the current session and log in to the next level as bandit27.

> ssh bandit27@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit27@bandit.labs.overthewire.org's password: 3ba3118a22e93127a4ed485be72ef5ea

David Varghese
