Bandit27 -> 28
1. There is a git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo. The password for the user bandit27-git is the same as for the user bandit27.
Clone the repository and find the password for the next level.
※ git clone [REPO git 주소] : git의 저장소를 복제해오는 명령어
※ badnit27 PW : YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS
01. git clone을 활용해서 bandit27-git/repo 다운로드
bandit27@bandit:/tmp/bn28$ git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repo
-> ssh의 포트 변경시 ':' 사용, 만약 기본포트를 사용시 ':'을 지워줘야한다(:를 호스트 네임으로 인식)
badnit27의 PW입력
02. 다운 받은 repo로 들어가서 bandit28의 비밀번호 확인
bandit27@bandit:/tmp/bn28$ ls
repo
bandit27@bandit:/tmp/bn28$ cd repo
bandit27@bandit:/tmp/bn28/repo$ ls
README
bandit27@bandit:/tmp/bn28/repo$ cat README
The password to the next level is: AVanL161y9rsbcJIsFHuw35rjaOM19nR
 |
 |
 |
 |
bandit28의 PW : AVanL161y9rsbcJIsFHuw35rjaOM19nR
ssh bandit28@bandit.labs.overthewire.org -p 2220
PW : AVanL161y9rsbcJIsFHuw35rjaOM19nR
Bandit28 -> 29
1. There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.
※ git --> 소스코드에 비밀번호, 관리자 아이디를 주석처리해서 저장하는 경우가 있음
※ git log : git에서 사용했던 명령어들을 확인하는 로그 명령어
※ git checkout : commit id를 통해 그 버전으로 돌아가는 명령어
01. git clone을 통해 bandit28 repo 복제
bandit28@bandit:/tmp/bn29$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
bandit28@bandit:/tmp/bn29/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
username: bandit29
password: xxxxxxxxx02. git log를 통해 로그 확인
bandit28@bandit:/tmp/bn29/repo$ git log
commit c6dc61e6ffdc717253130886555d087cac472f50 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla [morla@overthewire.org](mailto:morla@overthewire.org)
Date: Wed Jan 11 19:18:53 2023 +0000
commit c6dc61e6ffdc717253130886555d087cac472f50 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla [morla@overthewire.org](mailto:morla@overthewire.org)
Date: Wed Jan 11 19:18:53 2023 +0000
fix info leak
commit 2c1f82f75ab09c89166dd9e6e351bf479fb2d48f
Author: Morla Porla [morla@overthewire.org](mailto:morla@overthewire.org)
Date: Wed Jan 11 19:18:53 2023 +0000
add missing data
commit 444da53e268c462d39cf7441a3bbf7af1832e21f
Author: Ben Dover [noone@overthewire.org](mailto:noone@overthewire.org)
Date: Wed Jan 11 19:18:53 2023 +0000
initial commit of README.md03. git checkout을 통해 fix전으로 돌아가기
bandit28@bandit:/tmp/bn29/repo$ git checkout 2c1f82f75ab09c89166dd9e6e351bf479fb2d48f
04. README를 통해 bandit29 비밀번호 확인
bandit28@bandit:/tmp/bn29/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S |
 |
 |
 |
 |
 |
bandit29의 PW : tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
ssh bandit29@bandit.labs.overthewire.org -p 2220
PW : tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
Bandit29 - >30
1. There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
※ branch : 독립적으로 어떤 작업을 진행하기 위한 개념, 여러 작업을 동시에 진행할 수 있다!
- git branch - a : 모든 branch 확인
- git checkout [git branch] : branch 를 통해 그 버전으로 돌아가는 명령어
bandit29 PW : tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
01. git clone 명령어를 통해 ssh://bandit29-git@localhost:2220/home/bandit29-git/repo에서 repo 다운받기
bandit29@bandit:/tmp/bn30$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
bandit29@bandit:/tmp/bn30$ cd repo/
02. repo 디렉토리에서 README 파일 확인하기
bandit29@bandit:/tmp/bn30/repo$ ll
-rw-rw-r-- 1 bandit29 bandit29 131 Jan 23 10:12 README.md
bandit29@bandit:/tmp/bn30/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: <no passwords in production!03. git log를 통해 이전 커밋으로 돌아가서 README파일 확인하기
bandit29@bandit:/tmp/bn30/repo$ git log
commit 8159c819f4d37d9491254035c9e74ffcb316652e (HEAD -> master, origin/master, origin/HEAD)
Author: Ben Dover <noone@overthewire.org>
Date: Wed Jan 11 19:18:54 2023 +0000
fix username
commit 23706c87f70872af9f04744569f7b6273647fb14
Author: Ben Dover <noone@overthewire.org>
Date: Wed Jan 11 19:18:54 2023 +0000
initial commit of README.md03-1) git checkout으로 돌아가서 README.md 확인!
bandit29@bandit:/tmp/bn30/repo$ git checkout 23706c87f70872af9f04744569f7b6273647fb14
bandit29@bandit:/tmp/bn30/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit29
- password: <no passwords in production!>04.branch를 확인하고 수상한 branch로 checkout해서 확인해보기
bandit29@bandit:/tmp/bn30/repo$ git branch -a
* (HEAD detached at 23706c8)
master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-de※ dev(Development): 주로 개발의 약자로 가장 수상한 branch중 하나
04-1) git checkout [branch]를 통해 수상한 dev branch로 불러오기
bandit29@bandit:/tmp/bn30/repo$ git checkout remotes/origin/dev
Previous HEAD position was 23706c8 initial commit of README.md
HEAD is now at be91af8 add data needed for development
bandit29@bandit:/tmp/bn30/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.
## credentials
- username: bandit30
- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS |
 |
 |
 |
 |
 |
bandit30의 PW : xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
ssh bandit30@bandit.labs.overthewire.org -p 2220
PW : xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
'개인 공부 > Bandit' 카테고리의 다른 글
| Bandit 30 ~ 32 (0) | 2023.04.13 |
|---|---|
| Bandit 24 ~ 26 (0) | 2023.04.09 |
| Bandit 21 ~ 23 (0) | 2023.04.08 |
| Bandit 17 ~ 20 (0) | 2023.04.07 |
| Bandit 13 ~ 16 (0) | 2023.04.06 |
