OverTheWire Bandit Level 32->Level 33 - Walkthrough

OverTheWire Bandit Solutions

Introduction

In this post, I will be giving you a walkthrough to the Bandit wargame Level 32->Level 33. We will learn about shell variables and use a special variable to clear the level.

Goal

After all this git stuff its time for another escape. Good luck! Figure out a way and get the password for the next level from the shell.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit32
Password - rmCBvG56y58BXzv98yZGd07ATVL5dW8y

Theory

In the walkthrough for Level 22->Level 23, we had discussed about the Linux variables that store some value. This level requires a special variable available in bash denoted by '$0' which holds the name of the file/script that is being executed. We will use this to spawn a new shell and apply the concepts learnt in previous levels to get the password.

Solution

SSH into the user bandit32 using the command "ssh bandit32@bandit.labs.overthewire.org -p 2220" and the above password. As soon as we login, we can see that we are not in the regular bash shell that we had used so far. Whatever command we type, we are getting an error.

Utilize the special variable '$0' to get the bash shell. Type '$0' on the command line to spawn a new shell. This will allow us to write the commands and get the password.

Type "ls -la" to list the details of all the files present.

We can see that the SUID bit is set for the file 'uppershell' and it is owned by bandit33. Therefore, type the below commands to get the password-:

• whoami
• cat /etc/bandit_pass/bandit33

This completes the walkthrough for Level 33 as we have got the password. Please post your doubts and questions in the comment section.