OverTheWire Bandit Level 28->Level 29 - Walkthrough
Introduction
In this post, I will be giving you a walkthrough of the Bandit wargame Level 28->Level 29. We will use the git commands learnt in the previous level to get the password.
Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.
Login Details
Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit28
Password - AVanL161y9rsbcJIsFHuw35rjaOM19nR
Theory
As mentioned in the Level 28 walkthrough, git is used to track changes to files. Therefore, we will use this capability of git and look at the repository's previous commits to find the password.
The git log command is used to view the commits made to the repository (or to a single file, when a path is given). The output is displayed in reverse chronological order by default.
The git checkout command is used to navigate between the branches created by git branch. Checking out a branch updates the files in the working directory to match the version stored in that branch and tells git to record all new commits on that branch. It also accepts a commit hash, in which case the working directory is updated to match that commit.
Solution
SSH into the user bandit28 using the command "ssh bandit28@bandit.labs.overthewire.org -p 2220" and the above password.
Create a directory in the /tmp folder.
Type the commands:
- mkdir /tmp/temporary28git
- cd /tmp/temporary28git
Now clone the git repository using the below command. Enter the password for bandit28 when asked.
- git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
Now we have the repository cloned to our machine, so let's see the contents present inside the repository. Type the commands:
- ls
- cd repo
- ls -la
We can see that there is a file by the name "README.md" in the folder. Type the command "cat README.md" to see its contents.
Notice that the password for bandit29 is censored. So there is a possibility that in one of the previous commits the password was present in plain text. Type the command "git log" to see the previous commits.
We can see that first the README.md file was created, then some missing data was added (possibly the password), and in the latest commit an information leak was fixed. So if we go back one commit, we should be able to get the credentials.
Type the command "git checkout f08b9cc63fa1a4602fb065257633c2dae6e5651b" to go to the previous version. Type the command "cat README.md" to view the password for bandit29.
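The level works because a commit that censors a value does not remove that value from the repository's history. As an added example (not part of the original walkthrough), the script below builds a throwaway repository with the same three-commit shape and lists the lines matching a pattern that were deleted from a file at some point, which is the check to run on your own repository before publishing it. The repository contents, commit messages, password value and the function names make_demo_repo and find_removed_lines are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. The repository, commit messages and password value are constructed.

# Build a throwaway repo with the level's three-commit shape; print its path.
make_demo_repo() {
    local dir
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        git init -q .
        git config user.email "demo@example.invalid"
        git config user.name "demo"
        git config commit.gpgsign false
        printf 'username: demo29\npassword: <TBD>\n' > README.md
        git add README.md
        git commit -q -m "initial commit of README.md"
        printf 'username: demo29\npassword: CONSTRUCTED-not-a-real-secret\n' > README.md
        git commit -q -am "add missing data"
        printf 'username: demo29\npassword: xxxxxxxxxx\n' > README.md
        git commit -q -am "fix info leak"
    ) >/dev/null || return 1
    printf '%s\n' "$dir"
}

# For every line matching PATTERN that some commit deleted from FILE,
# print "<short-hash-of-deleting-commit> <deleted line>", newest commit first.
find_removed_lines() {
    local repo=$1 file=$2 pattern=$3
    git -C "$repo" log -p --no-color --format='commit %h' -- "$file" |
    awk -v pat="$pattern" '
        /^commit /        { hash = $2; next }
        /^--- /           { next }   # "--- a/FILE" diff header, not a deletion
        /^-/ && $0 ~ pat  { print hash, substr($0, 2) }
    '
}

demo() {
    local repo
    repo=$(make_demo_repo) || return 1
    echo "working tree: $(grep password: "$repo/README.md")"
    echo "deleted in history:"
    find_removed_lines "$repo" README.md 'password:'
    rm -rf "$repo"
}
demo
```

A match in the output means the value is still retrievable from any clone, so the credential has to be rotated; censoring it in a new commit does not withdraw it.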
This completes the Level 29 walkthrough, as we have got the password. Please explore the git commands further and try to complete this level in other ways. Please post your doubts and questions in the comment section.