Wargames与bash知识19

  • 开发
  • 26

Wargames与bash知识19

Bandit28

关卡提示:

有一个git存储库位于ssh://bandit28-git@localhost/home/bandit28 git/repo通过端口2220。用户bandit28git的密码与用户bandit28的密码相同。克隆存储库并查找下一级别的密码。

bandit28@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct  5 06:19 .
drwxr-xr-x 70 root root 4096 Oct  5 06:20 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root root  807 Jan  6  2022 .profile

创建目录,克隆

bandit28@bandit:~$ mkdir /tmp/bdit29
bandit28@bandit:~$ cd /tmp/bdit29
bandit28@bandit:/tmp/bdit29$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/rpepo
Cloning into 'rpepo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit28/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit28-git@localhost's password:
fatal: '/home/bandit28-git/rpepo' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
bandit28@bandit:/tmp/bdit29$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repo
Cloning into 'repo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit28/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit28-git@localhost's password:
remote: Enumerating objects: 9, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 9 (delta 2), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (9/9), done.
Resolving deltas: 100% (2/2), done.

查看README.d 未获取到密码

bandit28@bandit:/tmp/bdit29$ ls
repo
bandit28@bandit:/tmp/bdit29$ vf repo
vf: command not found
bandit28@bandit:/tmp/bdit29$ cd repo/
bandit28@bandit:/tmp/bdit29/repo$ ls
README.md
bandit28@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for level29 of bandit.

## credentials

- username: bandit29
- password: xxxxxxxxxx

bandit28@bandit:/tmp/bdit29/repo$ file README.md
README.md: ASCII text

git太不熟悉了,需要找本书看看。

bandit28@bandit:/tmp/bdit29/repo$ ls -al
total 16
drwxrwxr-x 3 bandit28 bandit28 4096 Jan 16 01:51 .
drwxrwxr-x 3 bandit28 bandit28 4096 Jan 16 01:46 ..
drwxrwxr-x 8 bandit28 bandit28 4096 Jan 16 01:46 .git
-rw-rw-r-- 1 bandit28 bandit28  111 Jan 16 01:46 README.md
bandit28@bandit:/tmp/bdit29/repo$ cd ./.git
bandit28@bandit:/tmp/bdit29/repo/.git$ ls
branches  config  description  HEAD  hooks  index  info  logs  objects  packed-refs  refs
bandit28@bandit:/tmp/bdit29/repo/.git$ ls -al
total 52
drwxrwxr-x 8 bandit28 bandit28 4096 Jan 16 01:46 .
drwxrwxr-x 3 bandit28 bandit28 4096 Jan 16 01:51 ..
drwxrwxr-x 2 bandit28 bandit28 4096 Jan 16 01:46 branches
-rw-rw-r-- 1 bandit28 bandit28  281 Jan 16 01:46 config
-rw-rw-r-- 1 bandit28 bandit28   73 Jan 16 01:46 description
-rw-rw-r-- 1 bandit28 bandit28   23 Jan 16 01:46 HEAD
drwxrwxr-x 2 bandit28 bandit28 4096 Jan 16 01:46 hooks
-rw-rw-r-- 1 bandit28 bandit28  137 Jan 16 01:46 index
drwxrwxr-x 2 bandit28 bandit28 4096 Jan 16 01:46 info
drwxrwxr-x 3 bandit28 bandit28 4096 Jan 16 01:46 logs
drwxrwxr-x 4 bandit28 bandit28 4096 Jan 16 01:46 objects
-rw-rw-r-- 1 bandit28 bandit28  114 Jan 16 01:46 packed-refs
drwxrwxr-x 5 bandit28 bandit28 4096 Jan 16 01:46 refs
bandit28@bandit:/tmp/bdit29/repo/.git$ cat index
▒QՕ▒n▒▒▒README.mdTREE1 0W▒};_G▒#S▒
▒u([4▒▒▒4▒s▒z▒▒E▒F▒▒"Ԥ:D▒xL▒▒k\Tbandit28@bandit:/tmp/bdit29/repo/.git$
bandit28@bandit:/tmp/bdit29/repo/.git$ git show-branch
[master] fix info leak
bandit28@bandit:/tmp/bdit29/repo/.git$ git branch -vvv
* master 14f754b [origin/master] fix info leak
bandit28@bandit:/tmp/bdit29/repo/.git$ http://index
-bash: http://index: No such file or directory
bandit28@bandit:/tmp/bdit29/repo/.git$ file://index
-bash: file://index: No such file or directory
bandit28@bandit:/tmp/bdit29/repo/.git$ file://./index
-bash: file://./index: No such file or directory
bandit28@bandit:/tmp/bdit29/repo/.git$ git log
commit 14f754b3ba6531a2b89df6ccae6446e8969a41f3 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Oct 5 06:19:41 2023 +0000

    fix info leak

commit f08b9cc63fa1a4602fb065257633c2dae6e5651b
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Oct 5 06:19:41 2023 +0000

    add missing data

commit a645bcc508c63f081234911d2f631f87cf469258
Author: Ben Dover <noone@overthewire.org>
Date:   Thu Oct 5 06:19:41 2023 +0000

    initial commit of README.md
bandit28@bandit:/tmp/bdit29/repo/.git$ diff --git a/README.md b/READMEmd
diff: unrecognized option '--git'
diff: Try 'diff --help' for more information.
bandit28@bandit:/tmp/bdit29/repo/.git$ git show
commit 14f754b3ba6531a2b89df6ccae6446e8969a41f3 (HEAD -> master, origin/master, origin/HEAD)
Author: Morla Porla <morla@overthewire.org>
Date:   Thu Oct 5 06:19:41 2023 +0000

    fix info leak

diff --git a/README.md b/README.md
index b302105..5c6457b 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
 ## credentials

 - username: bandit29
-- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
+- password: xxxxxxxxxx

bandit28@bandit:/tmp/bdit29/repo/.git$
阅读全部

相关推荐

  1. Wargamesbash知识19

    2024-01-17 08:48:11       27 阅读

  2. Wargamesbash知识10

    2024-01-17 08:48:11       31 阅读

  3. Wargamesbash知识11

    2024-01-17 08:48:11       36 阅读

  5. Wargamesbash知识13

    2024-01-17 08:48:11       29 阅读

  6. Wargamesbash知识14

    2024-01-17 08:48:11       39 阅读

  7. Wargamesbash知识15

    2024-01-17 08:48:11       33 阅读

  8. Wargamesbash知识18

    2024-01-17 08:48:11       27 阅读

  10. Wargamesbash知识16

    2024-01-17 08:48:11       34 阅读

最近更新

  4. TCP协议是安全的吗?

    2024-01-17 08:48:11       16 阅读

  12. 阿里云服务器执行yum,一直下载docker-ce-stable失败

    2024-01-17 08:48:11       16 阅读

  13. 【Python教程】压缩PDF文件大小

    2024-01-17 08:48:11       15 阅读

  18. 通过文章id递归查询所有评论(xml)

    2024-01-17 08:48:11       18 阅读

热门阅读

  2. 【Python 千题 —— 基础篇】猜数字小游戏

    2024-01-17 08:48:11       29 阅读

  5. js arguments对象的由来和用法

    2024-01-17 08:48:11       26 阅读

  6. 椋鸟C语言笔记#34:文件的随机读写、文件读取结束或失败的判定、缓冲区

    2024-01-17 08:48:11       24 阅读

  11. vue的sync语法糖的使用

    2024-01-17 08:48:11       28 阅读

  14. 正则表达式2 常见模式

    2024-01-17 08:48:11       38 阅读

  15. 正则表达式

    2024-01-17 08:48:11       30 阅读

  20. UML2.0 14种图简单介绍

    2024-01-17 08:48:11       27 阅读

  22. Pandas实战100例 | 案例 13: 数据分类 - 使用 `cut` 对数值进行分箱

    2024-01-17 08:48:11       21 阅读

  24. Js高级语法

    2024-01-17 08:48:11       24 阅读

  25. 【MySQL】MySQL表的增删查改以及聚合函数/group by句子的使用

    2024-01-17 08:48:11       25 阅读

  26. 面试题总结-MQ总结

    2024-01-17 08:48:11       32 阅读