Level Goal

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.

Clone the repository and find the password for the next level.

Commands you may need to solve this level

  • git

My Answer (Step by step)

  1. 連線到伺服器並登入
ssh bandit28@bandit.labs.overthewire.org -p 2220
  1. 透過 mktemp 指令產生暫存資料夾,並透過 cd 指令進入它,以便稍後 clone git repo
mktemp -d
cd /tmp/tmp.7nsZP0LSGd
  1. 透過 git 指令將 repo clone 下來
git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
  1. 透過 cd 指令進入 repo 資料夾,並透過 ls 指令查看資料夾內容
cd repo
ls
# README.md
  1. 透過 cat 指令讀取 README.md 檔案,發現沒有密碼 :(
cat README.md
# # Bandit Notes
# Some notes for level29 of bandit.

# ## credentials

# - username: bandit29
# - password: xxxxxxxxxx
  1. 透過 git log 指令可以取得 repo 歷史版本,發現有多個版本
git log

根據指令結果說明,此 repo 有三個 commit,根據每一個 commit message 的描述,密碼最有可能藏在第二個 commit 中

  1. 透過 git checkout 指令切換版本,並重新透過 cat 指令讀取 README.md 檔案,發現 Level 29 密碼!
git checkout 3621d
cat README.md