Bandit Series

OverTheWire: Bandit Level 31 → Level 32

David Varghese
5 min readMar 30, 2021

https://overthewire.org/wargames/bandit/bandit32.html

Level Goal

There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo. The password for the user bandit31-git is the same as for the user bandit31.

Clone the repository and find the password for the next level.

Commands you may need to solve this level

git

> whatis git
Git (3pm)        - Perl interface to the Git version control system
git (1)          - the stupid content tracker

Helpful Reading Material

Version Control (Git)

Version control systems (VCSs) are tools used to track changes to source code (or other collections of files and…

missing.csail.mit.edu

Git Handbook

A version control system, or VCS, tracks the history of changes as people and teams collaborate on projects together…

guides.github.com

Solution

From the question we understand that in this level we are going to be working with Git. Before we clone the repository lets make an folder in the /tmp directory as from some of the previous levels we know we only have proper permissions to save files in the /tmp folder.

bandit31@bandit:~$ cd /tmp/bandit31@bandit:/tmp$ mkdir git_level31bandit31@bandit:/tmp$ cd git_level31bandit31@bandit:/tmp/git_level31$

Now that we have created our working directory lets clone the repository.

The password for the repository is the same as bandit31

Password : 47e603bb428404d265f59c42920d81e5

Now that we the repository cloned to our machine. Lets see what are the files that are present in the repository.

We see that there is a file called as “README.md” in the folder. Lets have a look at the contents of this file.

There is a file called “.gitignore” as well. This file is used to tell git which files should not be added in the repository. This will come in handy later so keep that this in mind.

Note : The .git directory found in the repository is created by git that consists of files that are required for the proper functioning of the features that are provided by git.

We see that this time we have been instructed to add a file to the remote repository. We are given a filename and the content that needed to be added in the file as well as the branch to which the file needs to be pushed. Lets follow these instructions and create a new file.

We have created the file as specified to us in the instructions. Now lets have a look at the “.gitignore” file that is present in the repository.

bandit31@bandit:/tmp/git_level31/repo$ cat .gitignore 
*.txt

We see an line in the file that says *.txt this means that if any file with the extension “.txt” is made in the repository folder it should not be considered part of the repository. So if we try to add the new file that we created it will not be pushed to the remote repository. So lets delete this file and then push the file.

Now that we have deleted “.gitignore” lets commit the changes and push the changes to the remote repository.

By using the “git add” command we instruct git what files need to be added into the staging area. The “.” means add all files with changes. So we are telling git to add all files that have changed in the repository folder to the staging area.

Note : Files that have been deleted are also staged so that when we commit the changes git can figure out what files need to be deleted/ modified.

Next we are committing (adding/ deleting) files into the local copy of the repository. The “-m” flag is used to specify the commit message. If this flag is not specified then the default text editor will be opened using which we can add the commit message.

After performing the above two steps we have added the “key.txt” file and deleted the “.gitignore” file from the repository but the changes will only be reflected on our local copy. The remote copy is still untouched so to update the remote copy we make use of the “git push” command to which we specify the remote repository URL (by default saved in the variable “origin” for a repository that is cloned) and the branch to which we want to push the changes.

Once we pushed the changes to the remote repository we see that we are given the password for the next level

remote: Well done! Here is the password for the next level:
remote: 56a9bf19c63d650ce78e6ec0354ee45e

Logout of the current session and login as bandit32 to start the next level

ssh bandit32@bandit.labs.overthewire.org -p 2220                                                                                                                                                                                      1 ⨯
This is a OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit32@bandit.labs.overthewire.org's password: 56a9bf19c63d650ce78e6ec0354ee45e

Previous Level

OverTheWire: Bandit Level 30 → Level 31

https://overthewire.org/wargames/bandit/bandit31.html

therandomier.medium.com

Next Level

OverTheWire: Bandit Level 32 → Level 33

https://overthewire.org/wargames/bandit/bandit33.html

therandomier.medium.com

Bandit
Ctf
Git
Overthewire
Command Line
David Varghese

Written by David Varghese

150 Followers

Cyber Security Professional in the making. Passionate about Software Development, Cloud Engineering, Programming, Networks and DevOps | blog.davidvarghese.dev

More from David Varghese

See all from David Varghese

Recommended from Medium

Lists

Databricks role-based and specialty certification line-up.

New_Reading_List

174 stories133 saves
See more recommendations

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams