OverTheWire: Bandit Level 30 → Level 31

https://overthewire.org/wargames/bandit/bandit31.html
Level Goal
There is a git repository at
ssh://bandit30-git@localhost/home/bandit30-git/repo
. The password for the userbandit30-git
is the same as for the userbandit30
.Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
> whatis git
Git (3pm) - Perl interface to the Git version control system
git (1) - the stupid content tracker
Helpful Reading Material
Solution
From the question we understand that in this level we are going to be working with Git. Before we clone the repository lets make an folder in the /tmp
directory as from some of the previous levels we know we only have proper permissions to save files in the /tmp
folder.
bandit30@bandit:~$ cd /tmp/bandit30@bandit:/tmp$ mkdir git_level30bandit30@bandit:/tmp$ cd git_level30bandit30@bandit:/tmp/git_level30$
Now that we have created our working directory lets clone the repository.

The password for the repository is the same as bandit30
Password : 5b90576bedb2cc04c86a9e924ce42faf
Now that we the repository cloned to our machine. Lets see what are the files that are present in the repository.

We see that there is a file called as “README.md” in the folder. Lets have a look at the contents of this file.
Note : The .git
directory found in the repository is created by git that consists of files that are required for the proper functioning of the features that are provided by git.
bandit30@bandit:/tmp/git_level30/repo$ cat README.md
just an epmty file... muahaha
Looks like the file is empty and we are not given any clue this time. Lets see if there are branches that are available in this repository.
bandit30@bandit:/tmp/git_level30/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/master
Looking at the branches we again don't find anything useful.
Git has another feature called as tags. They are used to mark specific points in the version history of the repository that are important. Lets see if we can find any clue looking at them.
bandit30@bandit:/tmp/git_level30/repo$ git tag
secret
We see that we have an tag that is called “secret” lets view its contents
bandit30@bandit:/tmp/git_level30/repo$ git show secret
47e603bb428404d265f59c42920d81e5
And there we go we have found the password for next level !!!
Logout of current session and login as bandit31 to start the next level
> ssh bandit31@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit31@bandit.labs.overthewire.org's password: 47e603bb428404d265f59c42920d81e5