Git/Linux Hacking | Bandit: OverTheWire (Level 30)
Key Takeaways
Solves Bandit level 30 on OverTheWire using Git/Linux hacking techniques
Full Transcript
hey guys John Hammond here bandit level 30 from the new over the wire levels so I've got the repository downloaded and cloned and everything after I've logged into the account here so let's just dive right in now that it's created the normal steps that I've been going through and a couple of the other ones were checking out the files that we have currently in the in the repository they say it's just an empty file so we'll check out the log messages see if there are any previous commits and that's all that we have so obviously just get showing that there was nothing that was there before it's the only commit there ever was so I figured okay well I'll learn my lesson from the last level check out the branches and there's nothing else particularly interesting there I check out ok what are all the references that we've seen so far well we are just again at the head of the clone from here so what I started to do is I started to explore some more of the get internals because you'll see that whenever you have a git repository you have this dot git folder that is created whenever you run git init or clone repository etc so if you move into that directory you've got other interesting things you can look at a little bit of the internals and kind of more that you can read about as how git works the PAC files that it uses between Z Lib compression its deflate etc blah blah blah and the references so that's something that I want to check out because I checked out this PAC refs folder or file sorry so I explored that and we have the initial commit message that we saw up top the same sha-1 hash but there's something else here we have a refs tag secret so I want to check out what that was I figured well I will take a look at this get show that hash and it gives me another hash this is kind of confusing because you may think like well that's probably just another sha-1 identifier but it's not it is actually the password for the next level that is going to get us to bandit 31 so let's keep track of that make sure that we save it and I want to show this to you because I thought it was kind of funny and interesting I jumped on this bandwagon of looking at these new over the wire tutorial or abandoned level sorry because they're released just yesterday so why was trying to go through them like as soon as I could and this was all around the same time that I occur to this discord server for some more some more communication and cool conversations between the people that actually follow and watch me following the stream and we were looking at Bandit together and you can see originally last night Saturday July 21st this has a different commit message than what it has like right now like this was Sunday July 22nd with a different commit message so I thought that was kind of peculiar because when we were going through this last night I was talking with this other individual Dee colt super cool guy on the on the server and we kept like poking at this we kept looking all around but no matter what we were doing we just couldn't find it we were looking at packed files we were reading up on it and then this morning Dee called props to him honestly he was the one that found what seemed to be the solution but then we kind of realized that hey the challenge had changed like from last night we have the new commit message we have the new timestamp on it but he found this cool guide wildly inaccurate a hackers guide to get and this had a bunch of really interesting stuff so I was looking at some more about the tags I ran show ref I think and that determined okay these are the other references that we're looking at here if I if you actually do that get show - ref it will give us okay here is that same shot one hash that we looked at just now in the packed files and the pack refs and I thought that was really kind of interesting because once we solve it we were like oh hang on this was different from last night so I showed that to him and it says this looks different because this is the current 1.179 hash and then this is the previous stuff that I had looked at the other night when it was three three to seven and a completely different time so from some conversations with the people it looked like the solution to this wasn't even in the original release that's kind of awesome to see just kind of the creators of bandit and over the wire guys releasing these challenges and creating new ones like as we are moving through them that was really really cool so hey if you aren't on the discord server please totally check it out link will be in description please come and hang out with us if you like cool CTF hackers cyber programmer guys come join the party and I want to give a shout out to the people who love me on patreon so if you are not on that bandwagon already I would be SuperDuper grateful if you would join this list of awesome people I want to say thank you and I said at the end of every video because I can't say it enough it's incredible and really surreal to me that you've been willing to kind of jump jump on this this thing with me attack attack YouTube and kind of I don't know showcase some cool stuff so thank you for being willing to go on this journey with me $1 are on $1 a month on patreon will give you a shout out just like this at the end of every video $5 a month will give you early access to everything I create on YouTube but just before it's released if you did like this video please you press that like button maybe leave me a comment if you're willing to subscribe and check me out on patreon discord in my website
Original Description
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
Related Reads
📰
📰
📰
📰
Vulnhub: Shenron-1 Walkthrough
Medium · Cybersecurity
The Day I Realized Technology Is About People, Not Just Code
Medium · Cybersecurity
🚀 I Built CODELIVLY — A Platform to Learn Cybersecurity Through Hands-On Practice
Dev.to · Rocky
The Silent Killer in Your Node.js APIs: Mass Assignment & How to Catch It Before Production
Medium · AI
🎓
Tutor Explanation
DeepCamp AI