OverTheWire: Bandit Level 26 → Level 27
Good job getting a shell! Now hurry and grab the password for bandit27!
Commands you may need to solve this level
> whatis ls 130 ⨯
ls (1) - list directory contents
Helpful Reading Material
If at the end of the last level you logged out perform the same steps as last level to login back as bandit26 but this time from our system.
Make the terminal height wise short so that the more command will enter interactive mode
> ssh firstname.lastname@example.org -p 2220
This is a OverTheWire game server. More information on http://email@example.com's password: 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
Press “v” to open the file in a text editor (Default vim) then enter the commands below to start a bash shell.
If the above steps where performed properly you should have an bash shell and be logged in as bandit26.
Note : If the above steps do not make sense refer my previous article where I have explained the process in detail.
Lets see if there are any file in the current working directory
bandit27-do text.txtbandit26@bandit:~$ ls -l
-rwsr-x--- 1 bandit27 bandit26 7296 May 7 2020 bandit27-do
-rw-r----- 1 bandit26 bandit26 258 May 7 2020 text.txt
We see an binary file called “bandit27-do”. If we look at its properties we see that the file is owned by bandit27 and the SUID bit of the file is set as well. Which means that using the binary if we run any other command that command will have the same permissions as the owner of the binary (in this case the commands will have bandit27 permissions)
So lets try to cat the content of the password file of bandit27 using the binary.
bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27
There we go we have the password for the next level !!!
Logout of the current session and login into the next level as banddit27
> ssh firstname.lastname@example.org -p 2220
This is a OverTheWire game server. More information on http://email@example.com's password: 3ba3118a22e93127a4ed485be72ef5ea