Labels

OverTheWire Bandit Level 19->Level 20 - Walkthrough

Cybersecurity - OverTheWire Bandit Solutions
OverTheWire Bandit Solutions

Introduction

In this post, I will be giving you a walkthrough to the Bandit wargame Level 19->Level 20. We will learn little bit about the Linux file permissions which will help us clear the level.

Goal

To gain access to the next level, you should use the setuid binary in the home directory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit19
Password - awhqfNnAbc1naukrpqDYcF95h7HoMTrC

Theory

Linux file permissions is a vast topic in itself. Mainly three types of permissions are granted in linux - read, write, execute. The permissions are associated with the file/directory owner, group and all other users. Each file/directory has an owner and a group that is associated with it. Use the command "ls -l" to see the file permissions as below-:


The first letter tells whether it is a file(-) or a directory(d). The following letters tell the permissions. The permissions follow the first letter like rwxrwxrwx. They are read in a group of 3 for the owner, group and user from left to right. So for example, permission written like "rwxrw-r--" will be read as-:

  • rwx - read, write, execute permissions for the owner
  • rw- - read and write permissions for the group
  • r-- - read only permission for other users
The third column tells the owner whereas the fourth column tells the group name.

Suid is a special permission for the user access level and always executes as the user who owns the file, no matter who is passing the command.

Solution

SSH into the user bandit19 using the command "ssh bandit19@bandit.labs.overthewire.org -p 2220" and the above password. Type the command "ls -la" to check the owner and permission details.

In this case, the owner is bandit20 whereas the group owner is bandit19. Notice the permissions - "rwsr-x---" which means that the user(bandit19) in which we are logged in can execute the binary as the owner(bandit20). Therefore, we can access the bandit20 user's password file which can only be read by the user bandit20.

Type the command "./bandit20-do cat /etc/bandit_pass/bandit20" to get the password.

This completes Level 20 walkthrough as we got the password. Please post your doubts and questions in the comment section.

Labels:

Comments

Post a Comment

Popular Posts