Level
Goal
There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
2220번 포트를 통해 ssh://bandit29-git@localhost/home/bandit29-git/repo에 접속하면 git 저장소에 접근할 수 있다. bandit29-git 유저의 패스워드는 bandit29 유저의 패스워드와 동일하다.
저장소를 클론해 다음 레벨의 패스워드를 찾아라.
Commands you may need to solve this level
git
Exploit
bandit29@bandit:/tmp/tmp.8IkHYutqzG/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: <no passwords in production!>production에는 패스워드가 없다는 메세지를 볼 수 있다. 여기서 그냥 떠오르는 것은 production이 현재 branch를 의미한다면, 다른 branch에서는 패스워드의 내용을 확인할 수 있지 않을까 하는 것이다.
bandit29@bandit:/tmp/tmp.8IkHYutqzG/repo$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev로컬에는 master branch만 존재한다. 리모트의 모든 branch를 확인해보니 다른 branch가 더 있었다. 우선 remotes/origin/dev로 이동해 로그를 확인한다.
bandit29@bandit:/tmp/tmp.8IkHYutqzG/repo$ git checkout remotes/origin/dev
Note: switching to 'remotes/origin/dev'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 1d160de add data needed for developmentbandit29@bandit:/tmp/tmp.8IkHYutqzG/repo$ git log
commit 1d160de5f8f647f00634bbf3d49b9244275217b6 (HEAD, origin/dev)
Author: Morla Porla <morla@overthewire.org>
Date: Thu Oct 5 06:19:43 2023 +0000
add data needed for development
bandit29@bandit:/tmp/tmp.8IkHYutqzG/repo$ git show 1d160de5f8f647f00634bbf3d49b9244275217b6가장 최근 커밋을 확인해보니 이 branch에서 패스워드를 수정했음을 알 수 있었다.
10