Level Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28. Clone the repository and find the password for the next level.

Commands you may need to solve this level: git

So lets rename the folder repo we made in the last challange, because the folder we want to clone is called repo aswell. mv repo repo27. Lets go into the directory cd repo and see what is in it ls -la. There is a readme file. Lets cat this file cat README.md.

Okay so there is a username and password in here with xxxx. Lets see what we can do with the git command.

# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

man git. There is a command git-diff to see changed between commits. Lets use this and see what we can see. git-diff. The command doesn’t work, manpage doesn’t explain much so lets google.
Then I found this

git diff --cached [filename] // compare the index with local repository.
You can also compare files between two different commits. Every commit in Git has a commit id which you can get when you give git log. 
Then you can use the commit id if diff command like this.

So lets use git log to get the git commit ids git log. Here we see the following 3 commits:

commit 073c27c130e6ee407e12faad1dd3848a110c4f95
Author: Morla Porla 
Date:   Tue Oct 16 14:00:39 2018 +0200

    fix info leak

commit 186a1038cc54d1358d42d468cdc8e3cc28a93fcb
Author: Morla Porla 
Date:   Tue Oct 16 14:00:39 2018 +0200

    add missing data

commit b67405defc6ef44210c53345fc953e6a21338cc7
Author: Ben Dover 
Date:   Tue Oct 16 14:00:39 2018 +0200

    initial commit of README.md

Lets see the diffrence between 186a1038cc54d1358d42d468cdc8e3cc28a93fcb and 073c27c130e6ee407e12faad1dd3848a110c4f95. git diff 186a1038cc54d1358d42d468cdc8e3cc28a93fcb 073c27c130e6ee407e12faad1dd3848a110c4f95

This is the output:

diff --git a/README.md b/README.md
index 3f7cee8..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
 ## credentials

 - username: bandit29
-- password: bbc96594b4e001778eee9975372716b2
+- password: xxxxxxxxxx

I think we found the password: bbc96594b4e001778eee9975372716b2, double check with sshen in bandit29, and it is!

Leave a Reply

Your email address will not be published. Required fields are marked *