Tumgik
Visit Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Fun Fact
The Tumblr app for Google Glass was released on May 16, 2013.
#okok now to log out <33
frankfoo3-blog · 5 years
Text
Week 06: Something Awesome Bandit Game Level 26 - 33
Level 26 -> 27
Okay I just ran the program inside of bandit26
./bandit27-do cat /etc/bandit_pass/bandit27 and grabbed the password 
Nice to have a relaxing game after the previous ones 
Level 27 -> 28 
So I need to clone a git repository 
I tried git clone ssh://bandit27-git:[password for bandit27]@localhost/home/bandit27-git/repo but it said fatal, could not create work tree dir 'repo': permission denied 
I googled the error, people were saying to try sudo chown -R **username** /var/www but that didn’t work either
Eventually I realised ... I couldn’t create new folders/files in /home/bandit27, so I made another /tmp/foldernamehere to work in 
Ran the git clone command git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
Typed in the password and a repo folder appeared 
Got the password!
Level 28 -> 29
I did the same thing as the previous level, cloned a repo
I got a README.md file?
It says:
#bandit notes
some notes for level 29 of bandit
##credentials
- username: bandit29
- password: xxxxxxxx
Hmmm... md files 
I got it!
I googled git commands, and just tried a whole bunch of them
Eventually I tried git show, which showed the changes made to the file README.md
and it shows:
-- password: [password for bandit29] (in red - removed) +- password: (the actual password here) (in green - added in)
Level 29 -> 30 
I did the same thing as the previous level
Git show shows these changes:
-- username: bandit29 (in red - removed) +- username: bandit30 (in green - added) - password: <no passwords in production> (no changes here)
Does this imply that we can use the same password for level 30?
No dice, didn’t work 
I remembered that git creates a hidden .git folder, so I went in there and opened up everything, nothing here either 
After a couple of hours, I looked up a tutorial and damn, how did I miss it
Git branch has an option to show remote branches 
And there it was zzz, dev branch
So I did git checkout dev
Git show ..., yep there’s the password 
Level 30 -> 31 
Same thing as before, but now there’s an empty file 
After trying like every git command out there
I found that running Git tag gave out the word “secret”
So I googled git tag and one you could do with tag was 
git show [tag name]
So git show secret -> gave me the password!
Nearly there! 
Level 31 -> 32
Push a file to the remote branch
I googled how to push files to master and followed a guide
I did the following:
git checkout -b new
echo ‘May I come in?’ > key.txt
git add -f key.txt 
git commit -a “1st commit”
git push origin new:master 
which gave me the password 
You know, I had to write my own git program as an assignment last year, in perl. Andrew Taylor <33
Level 32 -> 33
"After all this git stuff, its time for another escape, goodluck!”
Oh no.... im worried
After i logged in, i get "WELCOME TO THE UPPERCASE SHELL" 
Okay I think I understand, anything I type becomes uppercase 
So I started experimenting here 
Any letters or numbers gives the output :not found
# doesn’t give any output 
! gives syntax error, new line unexpected
/ gives permission denied 
“.” doesn’t give any output
apostrophe ( ‘ ) gives unterminated quote string 
~ gives /home/bandit32: permission denied 
backtick ( ` ) gives EOF in backquote substitution
[ gives [: missing ]
Oh wait, is this an sh script?? The level command hints say sh and man
I’m gonna try to write a little sh script and paste the whole thing in 
Oh wait, a=$( $TERM ) gave the output
xterm-256color: not found, so something’s working
OKOK wait
$TERM gives xterm-256color not found
So I started experimenting with any “$” variables I could think of
$HOME gives /home/bandit32 permission denied
$SHELL gives “WELCOME TO THE UPPERCASE SHELL”
If I try like export $SHELL=/bin/bash it just says export not found 
It was at this point that I tried $0, because I remembered $0 from perl programming 
It made the >> turn into $
Echo “test” works now!! 
Maybe I can set the shell?
So I tried :set shell=/bin/bash, but it didn’t work, :set not found
Ok wait, I have access to the command line now, not sure what I can do, try to copy the password out?
I ran whoami and got bandit33, but wait a minute, shouldn’t I be bandit32? 
I tried cat /etc/bandit_pass/bandit33 and it worked!
i got the password and I’m out of here
That’s it!, finished bandit
What did I learn:
Got a refresher on like every git command
Clone, add, commit, log, show, branch, tag, checkout, push, pull 
Because I had to try out every command to see which one would work, I ended up reading up on them all 
I have a bandit.txt diary, 840 lines long containing what I was doing as I was doing it, what I was thinking at the time and what ended up happening. It’s what I’ve been cleaning up/formatting and posting here in the “something awesome” posts. Maybe I should paste it into a paste bin and put the link up as well. 
#Week06#SomethingAwesome
0 notes
Last Seen Blogs
tohru-honda
本田 透
bienlesbian
ecocounts
ecocounts
thewordsmithct
The Wordsmith CT
official-cisphobe
danny devito owes me child support money