[OverTheWire: Bandit] level27 -> level28

사용 툴: cygwin

 

1) 문제

level27 -> level28 문제

ssh://bandit27-git@localhost/home/bandit27-git/repo에 git 저장소가 있다. 사용자 bandit27-git의 암호는 사용자 bandit27과 동일하다.

저장소를 복제하고 다음 수준의 암호를 찾아라.

 

 

2) 문제풀이

 

bandit27@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct 16  2018 .
drwxr-xr-x 41 root root 4096 Oct 16  2018 ..
-rw-r--r--  1 root root  220 May 15  2017 .bash_logout
-rw-r--r--  1 root root 3526 May 15  2017 .bashrc
-rw-r--r--  1 root root  675 May 15  2017 .profile
bandit27@bandit:~$

bandit27의 홈디렉터리를 살펴보니까 문제풀이에 필요한 딱히 단서가 없는 것 같다..

 

문제에서 저장소를 복제하라고 했는데, 지금 현재디렉토리에는 bandit27의 권한이 없어서 /tmp에서 작업(?)을 해보도록 하겠다.

bandit27@bandit:~$ cd /tmp
bandit27@bandit:/tmp$ mkdir ./mybandit27
bandit27@bandit:/tmp$ cd ./mybandit27
bandit27@bandit:/tmp/mybandit27$ ls -al
total 305924
drwxr-sr-x 2 bandit27 root      4096 Mar  9 08:12 .
drwxrws-wt 1 root     root 313204736 Mar  9 08:12 ..
bandit27@bandit:/tmp/mybandit27$

 

bandit27@bandit:/tmp/mybandit27$ git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit27/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit27-git@localhost's password:
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
bandit27@bandit:/tmp/mybandit27$
bandit27@bandit:/tmp/mybandit27$

git clone이라는 명령어를 써준다.

저장소를 복제하는 명령어이다.

 

bandit27@bandit:/tmp/mybandit27$ ls -al
total 305928
drwxr-sr-x 3 bandit27 root      4096 Mar  9 08:17 .
drwxrws-wt 1 root     root 313204736 Mar  9 08:20 ..
drwxr-sr-x 3 bandit27 root      4096 Mar  9 08:17 repo
bandit27@bandit:/tmp/mybandit27$ cd repo
bandit27@bandit:/tmp/mybandit27/repo$ ls -al
total 16
drwxr-sr-x 3 bandit27 root 4096 Mar  9 08:17 .
drwxr-sr-x 3 bandit27 root 4096 Mar  9 08:17 ..
drwxr-sr-x 8 bandit27 root 4096 Mar  9 08:17 .git
-rw-r--r-- 1 bandit27 root   68 Mar  9 08:17 README
bandit27@bandit:/tmp/mybandit27/repo$ file README
README: ASCII text
bandit27@bandit:/tmp/mybandit27/repo$ cat README
The password to the next level is: 0ef186ac70e04ea33b4c1853d2526fa2
bandit27@bandit:/tmp/mybandit27/repo$

repo 디렉터리에 있는 README를 읽으면 손쉽게 패스워드를 알 수 있다.

 

bandit27@bandit:/tmp/mybandit27/repo$ ssh bandit28@localhost

bandit28@bandit:~$ id
uid=11028(bandit28) gid=11028(bandit28) groups=11028(bandit28)
bandit28@bandit:~$

인증까지 끝!