Mar 30, 2021
OverTheWire: Bandit Level 30 → Level 31
https://overthewire.org/wargames/bandit/bandit31.html
Level Goal
There is a git repository at
ssh://bandit30-git@localhost/home/bandit30-git/repo. The password for the userbandit30-gitis the same as for the userbandit30.Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
> whatis git
Git (3pm) - Perl interface to the Git version control system
git (1) - the stupid content trackerHelpful Reading Material
Solution
From the question we understand that in this level we are going to be working with Git. Before we clone the repository lets make an folder in the /tmp directory as from some of the previous levels we know we only have proper permissions to save files in the /tmp folder.
bandit30@bandit:~$ cd /tmp/bandit30@bandit:/tmp$ mkdir git_level30bandit30@bandit:/tmp$ cd git_level30bandit30@bandit:/tmp/git_level30$
Now that we have created our working directory lets clone the repository.
The password for the repository is the same as bandit30
Password : 5b90576bedb2cc04c86a9e924ce42fafNow that we the repository cloned to our machine. Lets see what are the files that are present in the repository.
We see that there is a file called as “README.md” in the folder. Lets have a look at the contents of this file.
Note : The .git directory found in the repository is created by git that consists of files that are required for the proper functioning of the features that are provided by git.
bandit30@bandit:/tmp/git_level30/repo$ cat README.md
just an epmty file... muahahaLooks like the file is empty and we are not given any clue this time. Lets see if there are branches that are available in this repository.
bandit30@bandit:/tmp/git_level30/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/masterLooking at the branches we again don't find anything useful.
Git has another feature called as tags. They are used to mark specific points in the version history of the repository that are important. Lets see if we can find any clue looking at them.
bandit30@bandit:/tmp/git_level30/repo$ git tag
secretWe see that we have an tag that is called “secret” lets view its contents
bandit30@bandit:/tmp/git_level30/repo$ git show secret
47e603bb428404d265f59c42920d81e5And there we go we have found the password for next level !!!
Logout of current session and login as bandit31 to start the next level
> ssh bandit31@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit31@bandit.labs.overthewire.org's password: 47e603bb428404d265f59c42920d81e5
