OverTheWire: Bandit Level 30 → Level 31


Level Goal

There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the user bandit30-git is the same as for the user bandit30.

Clone the repository and find the password for the next level.

Commands you may need to solve this level


> whatis git
Git (3pm) - Perl interface to the Git version control system
git (1) - the stupid content tracker

Helpful Reading Material


From the question we understand that in this level we are going to be working with Git. Before we clone the repository lets make an folder in the /tmp directory as from some of the previous levels we know we only have proper permissions to save files in the /tmp folder.

bandit30@bandit:~$ cd /tmp/bandit30@bandit:/tmp$ mkdir git_level30bandit30@bandit:/tmp$ cd git_level30bandit30@bandit:/tmp/git_level30$

Now that we have created our working directory lets clone the repository.

The password for the repository is the same as bandit30

Password : 5b90576bedb2cc04c86a9e924ce42faf

Now that we the repository cloned to our machine. Lets see what are the files that are present in the repository.

We see that there is a file called as “README.md” in the folder. Lets have a look at the contents of this file.

Note : The .git directory found in the repository is created by git that consists of files that are required for the proper functioning of the features that are provided by git.

bandit30@bandit:/tmp/git_level30/repo$ cat README.md 
just an epmty file... muahaha

Looks like the file is empty and we are not given any clue this time. Lets see if there are branches that are available in this repository.

bandit30@bandit:/tmp/git_level30/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master

Looking at the branches we again don't find anything useful.

Git has another feature called as tags. They are used to mark specific points in the version history of the repository that are important. Lets see if we can find any clue looking at them.

bandit30@bandit:/tmp/git_level30/repo$ git tag

We see that we have an tag that is called “secret” lets view its contents

bandit30@bandit:/tmp/git_level30/repo$ git show secret

And there we go we have found the password for next level !!!

Logout of current session and login as bandit31 to start the next level

> ssh bandit31@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit31@bandit.labs.overthewire.org's password: 47e603bb428404d265f59c42920d81e5

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Lessons From The “Demise” Of CloudFoundry

SCRUM Your Writing Process!

Azure AZ-900 Exam Syllabus is Dynamic

A Brave World — A Browser for Now

Interesting reads — volume #7

Test to 5 limits in the deffer -2 one

When Not To Use DI, IoC, and IoC Containers

Learn the best practice on when to use Dependency Injection (DI), Inversion of Control (IoC) and IoC Containers. DotNet (.NET) CSharp (C#). Best Practice Code Coding Programming Software Development Architecture Engineering

Abandon Twitter, Dev Some More

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
David Varghese

David Varghese

Diary of a kind-hearted hacker: Part 3

5 Things to Know about Multi-Factor Authentication

How do I find if Log4J is installed in my server?

HTTP Request Smuggling Explained