Cavey's Blog

Level Goal#

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.

Clone the repository and find the password for the next level.

My Answer (Step by step)#

1. 連線到伺服器並登入

1
ssh bandit29@bandit.labs.overthewire.org -p 2220

2. 透過 mktemp 指令產生暫存資料夾，並透過 cd 指令進入它，以便稍後 clone git repo

1
mktemp -d
2
cd /tmp/tmp.donk1bH1gq

3. 透過 git 指令將 repo clone 下來

1
git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo

4. 透過 cd 指令進入 repo 資料夾，並透過 ls 指令查看資料夾內容

1
cd repo
2
ls
3
# README.md

5. 透過 cat 指令讀取 README.md 檔案，發現沒有密碼 :(

1
cat README.md
2
# # Bandit Notes
3
# Some notes for bandit30 of bandit.
4

5
# ## credentials
6

7
# - username: bandit30
8
# - password: <no passwords in production!>

{{< alert info >}} 根據指令結果說明，當前分支可能為生產分支(production branch)，密碼可能藏在開發分支(development branch)中 {{< /alert >}}

6. 透過 git branch 指令查看該 repo 有哪些分支

1
git branch -a
2
# * master
3
#   remotes/origin/HEAD -> origin/master
4
#   remotes/origin/master
5
#   remotes/origin/sploits-dev

7. 透過 git checkout 指令切換分支至 remotes/origin/dev，並重新透過 cat 指令讀取 README.md 檔案，發現 Level 30 密碼!

1
git checkout remotes/origin/dev
2
cat README.md
3
# # Bandit Notes
4
# Some notes for bandit30 of bandit.
5

6
# ## credentials
7

8
# - username: bandit30
9
# - password: qp30ex3VLz5MDG1n91YowTv4Q8l7CDZL