Git/Linux Hacking | Bandit: OverTheWire (Level 29)

John Hammond · Intermediate ·🔐 Cybersecurity ·7y ago

Key Takeaways

Solves Bandit level 29 on OverTheWire using Git/Linux hacking techniques

Full Transcript

Hey guys, John Hammond here, continuing on some of the Bandit OverTheWire levels that just recently came out. We're looking at level 29, and it looks like they're up to like level 32 now, so let's jump in.

This is another git repository that we can download once we connect to the user account. So head on over to our terminal, connect, and let's make a directory for us to work in, and then we can git clone that repo. Sweet. Yep, we will need the password there, so let's just get that out, throw it in. Great.

Alright, so we have the repository. Let's check out what this README says. It says, okay, credentials for bandit30, but no password in production. Hmm. So let's check out what other commits they might have: initial commit of README. Okay, let's git show that. Okay, that's the same thing. Did I grab the wrong one or something? Whatever, just try this one. Oh, it says "fix username". Oh yeah, originally it was 30 though, no, okay, originally it was 29, they fixed it to 30. So I see, but still no change in the password.

Okay, so this note of "no password in production" makes me think of, like, well, this is the master branch, right? Like, if I check out what branch of the development I'm on, I only see that I am on master. But that's what we have downloaded right now, our local copy. There may be other remote branches, or other versions or functionality of the software that still needs to be developed. If you're doing this in a real GitHub repository, there is typically a development branch. So if I wanted to see all the other possible branches, I can do git branch -a, and there's some notes here. Okay, we have remotes/origin/HEAD where we are currently, for origin/master, dev, and master and sploits-dev.

So let's check out some of these, and the way we can do that is literally git checkout and then the name of that branch. Great. Okay, so git log. We're at initial commit of README, blah blah blah. Let's check out what this one is, can git show that, and no password there. Looks like it has "add gif2ascii", "add data needed for development". Was that the original one that we missed? Oh yeah, okay, great. So just like that, looks like we have the password for bandit30.

If we wanted to, we could again check out those other branches, and that will let us explore whatever that sploits-dev was and other things that they have in there. But something that I like to do, and this is probably pretty cheesy and a bad hack: git log, I like to just grep for the commits, and then I'll cut them up and get just the identifiers, and I can scrape whatever I need if I don't want that last one. But what I'll do following that is I'll, like, while read line, just pipe that into a while loop, and then I'll do git show, I think it's no page or something, and it'll yell at me if I'm wrong. Yeah, what is that in git show that doesn't paginate? Sometimes it will just completely ignore it. No? Alright, I'm gonna abort that mission. We don't need that argument. I may be thinking of a completely different command, who knows, or no pager or whatever. But yeah, sometimes you can just pipe it all out and give that to less or whatever you want to do, and you can just try and find, like, okay, here's everything in green or red that they actually modified or added in the repository, by just using that SHA-1 ID all along.

Another cool thing is git grep. Like, if we wanted to git grep for password, you could track down, like, okay, where was it, wherever, in however many cases. That's a good way to just search for a specific thing in wherever you are in your repository, whatever branch or whatever commit message you're looking at, etcetera. So keep those in mind, but this challenge was just about checking out the different branches that you can access in that git repository. So keep note of bandit30. Again, we've got that password saved, and now we can move on to that in the next video.

So, cool. I want to give a small plug for the Discord server that we just recently got started up after a stream that I tried for the first time this weekend. It's a lot of cool people just kind of joking around, having a great time, jamming out, talking about cyber, talking about programming, talking about CTFs and hacking stuff. So if you want to be part of that scene, you want to hang out with other people that throw out memes and talk about code every now and again, it's pretty cool. So please come chime in and we'll go through some more challenges and do it for real.

Along with that, I want to give a special shout out to my supporters, people that are giving me some love on Patreon. I cannot say thank you enough, especially because this list is getting a little bit longer, and it's really incredible to see you guys pour some love into this, because I'm so, so grateful you're willing to go on this adventure with me. Thanks so much. $1 on Patreon will give you a shout out just like this at the end of every video. $5 a month on Patreon will give you early access to any of the videos that I record. I record in bulk and I'll release them slowly; YouTube will just gradually deploy them one after another, like day by day. But if you want them all at once when the videos are ready, just $5 a month, that's all it takes.

Hey, if you did like this video, please do press that like button, maybe leave me a comment if you're willing, subscribe if you want to, or check us out on Discord, check me out on Patreon, go to my website, do all the cool sharing. Thanks, thanks guys, see you next video.
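The walkthrough above comes down to one audit step: a clone checks out only master, so a credential committed on another branch is found only by searching every ref. The script below is an added example, not part of the video or of the Bandit repository; the repo it builds, the branch contents and the secret string are all constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Everything here is constructed: repo, branch contents, secret.

# Build an "origin" with a redacted master and a dev branch that still holds
# a credential, then clone it so dev exists only as a remote-tracking ref.
make_demo_repo() {
    base=$(mktemp -d) || return 1
    (
        git init -q "$base/origin" && cd "$base/origin" || exit 1
        git symbolic-ref HEAD refs/heads/master
        git config user.name demo
        git config user.email demo@example.invalid
        printf 'username: demo\npassword: <no passwords in production!>\n' > README.md
        git add README.md
        git commit -q -m 'initial commit of README.md'
        git checkout -q -b dev
        printf 'username: demo\npassword: CONSTRUCTED-NOT-A-REAL-SECRET\n' > README.md
        git commit -q -a -m 'add data needed for development'
        git checkout -q master
        git clone -q "$base/origin" "$base/clone"
    ) >/dev/null 2>&1 || return 1
    echo "$base/clone"
}

# Branches that exist locally in the clone (what plain `git branch` lists).
local_branches() {
    git -C "$1" for-each-ref --format='%(refname:short)' refs/heads
}

# For every commit reachable from ANY ref (local or remote-tracking) whose diff
# touches a line matching the regex, print "<short sha> <refs that contain it>".
find_secret_commits() {   # usage: find_secret_commits <repo> <regex>
    git -C "$1" --no-pager log --all -G"$2" --format='%h' |
    while read -r sha; do
        refs=$(git -C "$1" for-each-ref --contains "$sha" \
                   --format='%(refname:short)' | tr '\n' ' ')
        echo "$sha ${refs% }"
    done
}

repo=$(make_demo_repo) || exit 1
echo "local branches: $(local_branches "$repo")"
find_secret_commits "$repo" 'password: [A-Za-z0-9]'
```

The same `git log --all -G<regex>` search works as a pre-publication check on a real repository: any hit on a ref other than the default branch is a credential that was redacted in one place but is still served to everyone who clones.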

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond