Labels

OverTheWire Bandit Level 29->Level 30 - Walkthrough

Cybersecurity - OverTheWire Bandit Solutions
OverTheWire Bandit Solutions

Introduction

In this post, I will be giving you a walkthrough to the Bandit wargame Level 29->Level 30. We will learn about git branching and apply it to get the password for next level.

Goal

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit29
Password - tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S

Theory

As mentioned in the previous level walkthroughs, git is a version control system. git branching is an important feature of a version control system. It allows splitting of the master branch into different branches. So if the master branch has the production software available then we can split it to a different branch which can be used to fix the bugs or add new features while still the software will be accessible through the other branch. Once the updates are done then it can be integrated back to the master branch and the features will be available to the end user.

Solution

SSH into the user bandit29 using the command "ssh bandit29@bandit.labs.overthewire.org -p 2220" and the above password. Create a directory in /tmp folder and clone the git repository in the new folder. 
Type the commands-:

  • mkdir /tmp/temporary29git
  • cd /tmp/temporary29git
  • git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
Note- The port number needs to be placed after localhost otherwise the default port will be used to connect and it will fail.

Navigate into the repository and see the contents. Type the commands-:

  • ls
  • cd repo
  • ls -la
  • cat README.md

Notice the message "No password in production" as it gives the indication that there might be more branches and the password could be present in one of them.

Type the command "git branch -a" to view all the branches.

We can see a "dev" branch is present which might have the password. Type the commands-:

  • git checkout remotes/origin/dev
  • ls -la
  • cat README.md



This completes Level 30 walkthrough as we have got the password. Please post your questions and doubts in the comment section.


Labels:

Comments

Post a Comment

Popular Posts