[OverTheWire: Bandit] level29 -> level30

사용 툴: cygwin

 

1) 문제

level29 -> level30 문제

ssh://bandit29-git@localhost/home/bandit29-git/repo에 git 저장소가 있다. 사용자 bandit28-git의 암호는 사용자 bandit29과 동일하다.

저장소를 복제하고 다음 수준의 암호를 찾아라.

 

이전 문제랑 문제가 똑같다.....

이전문제 보려면 여기 클릭!

 

 

2) 문제풀이

bandit29@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct 16  2018 .
drwxr-xr-x 41 root root 4096 Oct 16  2018 ..
-rw-r--r--  1 root root  220 May 15  2017 .bash_logout
-rw-r--r--  1 root root 3526 May 15  2017 .bashrc
-rw-r--r--  1 root root  675 May 15  2017 .profile
bandit29@bandit:~$ cd /tmp
bandit29@bandit:/tmp$ mkdir ./mybandit29
bandit29@bandit:/tmp$ cd ./mybandit29
bandit29@bandit:/tmp/mybandit29$ ls -al
total 305924
drwxr-sr-x 2 bandit29 root      4096 Mar  9 08:50 .
drwxrws-wt 1 root     root 313204736 Mar  9 08:50 ..
bandit29@bandit:/tmp/mybandit29$ git clone ssh://bandit29-git@localhost/home/bandit29-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit29/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit29-git@localhost's password:
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/mybandit29$

/tmp 아래 디렉터리도 만들고 git clone으로 저장소 복제까지 진행해주었다.

 

bandit29@bandit:/tmp/mybandit29$ ls -al
total 305928
drwxr-sr-x 3 bandit29 root      4096 Mar  9 08:51 .
drwxrws-wt 1 root     root 313204736 Mar  9 08:52 ..
drwxr-sr-x 3 bandit29 root      4096 Mar  9 08:51 repo
bandit29@bandit:/tmp/mybandit29$ cd repo
bandit29@bandit:/tmp/mybandit29/repo$ ls -al
total 16
drwxr-sr-x 3 bandit29 root 4096 Mar  9 08:51 .
drwxr-sr-x 3 bandit29 root 4096 Mar  9 08:51 ..
drwxr-sr-x 8 bandit29 root 4096 Mar  9 08:51 .git
-rw-r--r-- 1 bandit29 root  131 Mar  9 08:51 README.md
bandit29@bandit:/tmp/mybandit29/repo$ file README.md
README.md: ASCII text
bandit29@bandit:/tmp/mybandit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

bandit29@bandit:/tmp/mybandit29/repo$

repo 디렉터리 안에 README.md 를 읽었는데 이것도 이전문제처럼 commit을 확인하면 되지 않을까라고 생각했다.

 

bandit29@bandit:/tmp/mybandit29/repo$ git log
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    fix username

commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    initial commit of README.md
bandit29@bandit:/tmp/mybandit29/repo$ 

하지만... 별다른 힌트는 없어보였다.

 

그래서 branch를 바꾸어보기로 했다.

branch란 여러가지의 프로그래밍 작업을 동시에, 독립적으로 진행하는 것을 가능하게 하는 저장소를 가리키는 git의 포인터이다.

 

bandit29@bandit:/tmp/mybandit29/repo$ git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/dev
  remotes/origin/master
  remotes/origin/sploits-dev
bandit29@bandit:/tmp/mybandit29/repo$

git branch -a 명령을 이용해서 branch를 확인한다.

기본적으로 master branch로 설정되어 있다.

 

branch를 /dev로 바꿔서 log를 살펴보겠다.

이때 git checkout 명령을 사용한다.

bandit29@bandit:/tmp/mybandit29/repo$ git checkout remotes/origin/dev
Note: checking out 'remotes/origin/dev'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b <new-branch-name>

HEAD is now at 33ce2e9... add data needed for development
bandit29@bandit:/tmp/mybandit29/repo$ git branch -a
* (HEAD detached at origin/dev)
  master
  remotes/origin/HEAD -> origin/master
  remotes/origin/dev
  remotes/origin/master
  remotes/origin/sploits-dev
bandit29@bandit:/tmp/mybandit29/repo$

git branch -a를 통해 현재 내 branch 위치가 바뀐 것을 알 수 있다.

 

bandit29@bandit:/tmp/mybandit29/repo$ git log
commit 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
Author: Morla Porla <morla@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    add data needed for development

commit a8af722fccd4206fc3780bd3ede35b2c03886d9b
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    add gif2ascii

commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    fix username

commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    initial commit of README.md
bandit29@bandit:/tmp/mybandit29/repo$

log를 살펴보고 제일 위의 commit을 더 살펴보겠다.

 

bandit29@bandit:/tmp/mybandit29/repo$ git show 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
commit 33ce2e95d9c5d6fb0a40e5ee9a2926903646b4e3
Author: Morla Porla <morla@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    add data needed for development

diff --git a/README.md b/README.md
index 1af21d3..39b87a8 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for bandit30 of bandit.
 ## credentials

 - username: bandit30
-- password: <no passwords in production!>
+- password: 5b90576bedb2cc04c86a9e924ce42faf

bandit29@bandit:/tmp/mybandit29/repo$

엇 password가 보이는 듯 하다...!

 

bandit29@bandit:/tmp/mybandit29/repo$ ssh bandit30@localhost

bandit30@bandit:~$ id
uid=11030(bandit30) gid=11030(bandit30) groups=11030(bandit30)
bandit30@bandit:~$

인증까지 끝