Challenge Information
- Platform: OverTheWire (Bandit)
- Difficulty: Easy
- Category: Linux
Overview
There is a git repository at ssh://bandit28-git@bandit.labs.overthewire.org/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.
From your local machine (not the OverTheWire machine!), clone the repository and find the password for the next level. This needs git installed locally on your machine.
Solution
Clone the repository.
git clone ssh://bandit28-git@bandit.labs.overthewire.org:2220/home/bandit28-git/repo
In this repo there is a README.md file with the following content ծ_Ô.
We can try to see if this repo has any commit history by using git log.
This seems to be the case. The commit message suggests that there is a leak in previous commits. Lets checkout an earlier commit.
git checkout 8b7c
Now cat the README.md and we get the password.
Lessons Learned
- Looking at different commits.
Tools Used
sshgit