There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29. Clone the repository and find the password for the next level.
Commands you may need to solve this level: git
So lets rename the folder repo we made in the last challange, because the folder we want to clone is called repo aswell.
$ mv repo repo28. Lets go into the directory
$ cd repo and see what is in it
$ ls -la.
So lets cat the README.md file.
$ cat README.md. It states:
# Bandit Notes Some notes for bandit30 of bandit. ## credentials - username: bandit30 - password:
Okay so lets try what we did on the last bandit challange. See the commits with
$ git log.
ad6c5650 diff --git a/README.md b/README.md index 1af21d3..2da2f39 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,6 @@ Some notes for bandit30 of bandit. ## credentials -- username: bandit30 +- username: bandit29 - password:
So it removed the username bandit30 and added bandit29. Interesting, no passwords in production so maybe there is a github that is not in production or a version that isn’t. With
$ git branch we can see on wich branch we are, we are on master. But can we see any others?
So I googled and I came to the command
$ git show-branch --all. Tried it and this was the output:
* [master] fix username ! [origin/HEAD] fix username ! [origin/dev] add data needed for development ! [origin/master] fix username ! [origin/sploits-dev] add some silly exploit, just for shit and giggles ----- + [origin/sploits-dev] add some silly exploit, just for shit and giggles + [origin/dev] add data needed for development + [origin/dev^] add gif2ascii *++++ [master] fix username
Okay there is some interesting stuff. Lets lookup how we can get into these. I tried different git checkout commands like
$ git checkout -b origin/dev but this made a new branch? So after some googling and looking on stackoverflow I found this command.
$ git remote show which shows me the origin, then I tried
$ git remote show origin and found three different remote branches wich looked familair.
* remote origin Fetch URL: ssh://bandit29-git@localhost/home/bandit29-git/repo Push URL: ssh://bandit29-git@localhost/home/bandit29-git/repo HEAD branch: master Remote branches: dev tracked master tracked sploits-dev tracked Local branch configured for 'git pull': master merges with remote master Local ref configured for 'git push': master pushes to master (up to date)
Lets do some more googling in how I can get these. I came up on This stackoverflow page and found the command
$ git checkout. Lets try
$ git checkout dev It gave me this output:
git checkout dev Branch dev set up to track remote branch dev from origin. Switched to a new branch 'dev
Seems like we switched to the development branch, this should not be the production branch. So lets see the contents of the readme.md file now.
$ cat README.md and there is the password.
# Bandit Notes Some notes for bandit30 of bandit. ## credentials - username: bandit30 - password: 5b90576bedb2cc04c86a9e924ce42faf