OverTheWire: Bandit Level 29 → Level 30

https://overthewire.org/wargames/bandit/bandit30.html

Level Goal

Commands you may need to solve this level

> whatis git
Git (3pm) - Perl interface to the Git version control system
git (1) - the stupid content tracker

Helpful Reading Material

Solution

From the question we understand that in this level we are going to be working with Git. Before we clone the repository lets make an folder in the /tmp directory as from some of the previous levels we know we only have proper permissions to save files in the /tmp folder.

bandit29@bandit:~$ cd /tmp/bandit29@bandit:/tmp$ mkdir git_level29bandit29@bandit:/tmp$ cd git_level29bandit29@bandit:/tmp/git_level29$

Now that we have created our working directory lets clone the repository.

The password for the repository is the same as bandit29

Password : bbc96594b4e001778eee9975372716b2

Now that we the repository cloned to our machine. Lets see what are the files that are present in the repository.

We see that there is a file called as “README.md” in the folder. Lets have a look at the contents of this file.

Note : The .git directory found in the repository is created by git that consists of files that are required for the proper functioning of the features that are provided by git.

bandit29@bandit:/tmp/git_level29/repo$ cat README.md 
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials- username: bandit30
- password: <no passwords in production!>

Similar to last time looks like we do not find a password in the file. If we look closely at the message “No passwords in Production” we understand that we are given a clue as to where to look for the password. Git has the ability of creating branches. So if production is an branch there might be another branch for development purposes that has the password.

We can view all the branches present in git using the branch -a option.

We see that there is an branch called “dev” lets have a look at this branch and see if we can find the password.

And there we go we have found the password for the next level !!!

Logout of the current session and login as bandit30 to start the next level

> ssh bandit30@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit30@bandit.labs.overthewire.org's password: 5b90576bedb2cc04c86a9e924ce42faf

Computer Engineer | Cyber Security Enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store