Skip to main content

5 posts tagged with "git"

View All Tags

Bandit Level 27 → 28

Shubham
Cybersecurity Enthusiast

Login: ssh bandit27@bandit.labs.overthewire.org -p 2220
Password: Ups6nC7Sc695jSGEB7L9J9J6AFRowFuJ

task

A git repository is at ssh://bandit27-git@bandit.labs.overthewire.org:2220/home/bandit27-git/repo. The password for the user bandit27-git is the same as the password for the user bandit27. Clone the repository and find the password for the next level.

theory lil bit

  1. Git Clone: The git clone command is used to create a copy of a specific repository from a remote server onto your local machine.
  2. SSH Protocol: Git can use SSH for data transfer. The URL specifies the user, the host, the port (2220), and the path to the repository.
  3. Repository Exploration: After cloning, you enter the directory to find the files that were tracked by the repository.
  4. Authentication: Since the git user bandit27-git shares the password with the shell user bandit27, you simply reuse the current level's password when prompted.

solution

# Create a temporary directory to work in
┌──(sssubhammm ⌘ macbook-air)-[~]
└─$ mkdir /tmp/my_git_repo && cd /tmp/my_git_repo

# Clone the remote repository using the provided SSH URL
# Use the bandit27 password when prompted
┌──(sssubhammm ⌘ macbook-air)-[/tmp/my_git_repo]
└─$ git clone ssh://bandit27-git@bandit.labs.overthewire.org:2220/home/bandit27-git/repo
Cloning into 'repo'...
bandit27-git@bandit.labs.overthewire.org's password:
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.

# Navigate into the cloned directory and check the contents
┌──(sssubhammm ⌘ macbook-air)-[/tmp/my_git_repo]
└─$ cd repo
┌──(sssubhammm ⌘ macbook-air)-[/tmp/my_git_repo/repo]
└─$ ls
README

# Read the README file to retrieve the password
┌──(sssubhammm ⌘ macbook-air)-[/tmp/my_git_repo/repo]
└─$ cat README
The password to the next level is: Yz9IpL0sBcCeuG7m9uQFt8ZNpS4HZRcN

`

Bandit Level 28 → 29

Shubham
Cybersecurity Enthusiast

Login: ssh bandit28@bandit.labs.overthewire.org -p 2220
Password: Yz9IpL0sBcCeuG7m9uQFt8ZNpS4HZRcN

task

There is a git repository at ssh://bandit28-git@bandit.labs.overthewire.org:2220/home/bandit28-git/repo. The password for the user bandit28-git is the same as the password for the user bandit28. Clone the repository and find the password for the next level.

theory lil bit

  1. Git History: Git stores a snapshot of every change made to a file. Even if sensitive data is overwritten or deleted in the latest version, it remains accessible in the project's history.
  2. Git Log: The git log command displays a list of all commits made to the repository, showing the commit hash, author, and descriptions like "fix info leak."
  3. Git Show: This command is used to view the specific changes (diff) introduced in a particular commit. It highlights what was added (+) and what was removed (-).
  4. Data Sanitization: This level highlights the danger of committing secrets. Simply "fixing" an info leak with a new commit doesn't remove the secret from the underlying .git directory.

solution

# Clone the repository into your workspace
┌──(sssubhammm ⌘ macbook-air)-[~/repo]
└─$ git clone ssh://bandit28-git@bandit.labs.overthewire.org:2220/home/bandit28-git/repo
Cloning into 'repo'...
bandit28-git@bandit.labs.overthewire.org's password:

# Navigate to the repository and check the current file
┌──(sssubhammm ⌘ macbook-air)-[~/repo]
└─$ cd repo
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ cat README.md
# Bandit Notes
...
- password: xxxxxxxxxx

# Inspect the commit history to find where the "info leak" occurred
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ git log
commit 00daa614aac60bd2981c381484191eb7bc4dcfd9 (HEAD -> master)
Author: Morla Porla <morla@overthewire.org>
fix info leak

commit a1487fd098591dfa210ede70ba60f7093f47d20d
add missing data

# View the changes in the 'fix info leak' commit to see the original password
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ git show 00daa614aac60bd2981c381484191eb7bc4dcfd9
...
- password: 4pT1t5DENaYuqnqvadYs1oE4QLCdjmJ7
+ password: xxxxxxxxxx

`

Bandit Level 29 → 30

Shubham
Cybersecurity Enthusiast

Login: ssh bandit29@bandit.labs.overthewire.org -p 2220
Password: 4pT1t5DENaYuqnqvadYs1oE4QLCdjmJ7

task

There is a git repository at ssh://bandit29-git@bandit.labs.overthewire.org:2220/home/bandit29-git/repo. The password for the user bandit29-git is the same as the password for the user bandit29. Clone the repository and find the password for the next level.

theory lil bit

  1. Git Branches: Repositories often have multiple branches (e.g., master, dev, staging). The default branch might not contain the sensitive data you are looking for.
  2. Remote Branches: Use git branch -a to see all branches, including those that exist on the remote server but haven't been checked out locally yet.
  3. Switching Context: The git checkout [branch_name] command allows you to switch between these different versions of the project's codebase.
  4. Information Siloing: Developers often keep "production" branches clean while leaving credentials or debugging code in "development" or "test" branches.

solution

# Clone the repository
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ git clone ssh://bandit29-git@bandit.labs.overthewire.org:2220/home/bandit29-git/repo
Cloning into 'repo'...
bandit29-git@bandit.labs.overthewire.org's password:

# Navigate and check the default README (password is redacted)
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ cd repo
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo]
└─$ cat README.md
- password: <no passwords in production!>

# Check all available branches (local and remote)
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo]
└─$ git branch -a
* master
remotes/origin/HEAD -> origin/master
remotes/origin/dev
remotes/origin/master
remotes/origin/sploits-dev

# Switch to the 'dev' branch to see if it contains different data
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo]
└─$ git checkout dev
branch 'dev' set up to track 'origin/dev'.
Switched to a new branch 'dev'

# Check the README.md in the 'dev' branch
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo]
└─$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: qp30ex3VLz5MDG1n91YowTv4Q8l7CDZL

`

Bandit Level 30 → 31

Shubham
Cybersecurity Enthusiast

Login: ssh bandit30@bandit.labs.overthewire.org -p 2220
Password: qp30ex3VLz5MDG1n91YowTv4Q8l7CDZL

task

There is a git repository at ssh://bandit30-git@bandit.labs.overthewire.org:2220/home/bandit30-git/repo. The password for the user bandit30-git is the same as the password for the user bandit30. Clone the repository and find the password for the next level.

theory lil bit

  1. Git Tags: Tags are ref pointers to specific points in Git history, usually used to mark release points (like v1.0). Unlike branches, they don't change.
  2. Hidden References: Information isn't always in the files or the commit history logs. Sometimes secrets are hidden in metadata like tags or notes.
  3. Git Tag Command: git tag lists all existing tags in the repository.
  4. Inspecting Tags: Using git show [tag_name] allows you to see the object details or the content associated with that specific tag.

solution

# Clone the repository
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo]
└─$ git clone ssh://bandit30-git@bandit.labs.overthewire.org:2220/home/bandit30-git/repo
Cloning into 'repo'...
bandit30-git@bandit.labs.overthewire.org's password:

# Enter the repository and check the files
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo]
└─$ cd repo
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo/repo]
└─$ ls
README.md
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo/repo]
└─$ cat README.md
just an epmty file... muahaha

# Check for any git tags
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo/repo]
└─$ git tag
secret

# View the content of the 'secret' tag
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo/repo/repo]
└─$ git show secret
fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy

`

Bandit Level 31 → 32

Shubham
Cybersecurity Enthusiast

Login: ssh bandit31@bandit.labs.overthewire.org -p 2220
Password: fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy

task

There is a git repository at ssh://bandit31-git@bandit.labs.overthewire.org:2220/home/bandit31-git/repo. The goal is to push a file named key.txt with the content "May I come in?" to the remote master branch to receive the next password.

theory lil bit

  1. The .gitignore File: This is a special file that tells Git which files or patterns to ignore. If *.txt is in .gitignore, Git will refuse to track any .txt files by default.
  2. Git Add: To track a new file, it must be staged using git add. If a file is ignored by .gitignore, you may need to modify the ignore file or use git add -f to force it.
  3. Git Commit & Push: git commit records your local changes, and git push sends those commits to the remote server.
  4. Pre-receive Hooks: Remote servers can run scripts (hooks) when you push. In this level, a hook validates your submission and prints the password before technically "declining" the push to reset the level for others.

solution

# Clone the repository
┌──(sssubhammm ⌘ macbook-air)-[~]
└─$ git clone ssh://bandit31-git@bandit.labs.overthewire.org:2220/home/bandit31-git/repo
Cloning into 'repo'...
bandit31-git@bandit.labs.overthewire.org's password:

# Navigate to the repo and create the required file
┌──(sssubhammm ⌘ macbook-air)-[~/repo]
└─$ cd repo
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ echo "May I come in?" > key.txt

# Notice that key.txt is ignored by .gitignore
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ cat .gitignore
*.txt

# Remove the restriction from .gitignore so Git can see the file
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ nvim .gitignore
# (Remove or comment out *.txt)

# Stage the files and commit the change
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ git add .
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ git commit -m "add key file"

# Push to the remote master branch
┌──(sssubhammm ⌘ macbook-air)-[~/repo/repo]
└─$ git push origin master
bandit31-git@bandit.labs.overthewire.org's password:
remote: ### Attempting to validate files... ####
remote:
remote: Well done! Here is the password for the next level:
remote: 3O9RfhqyAlVBEZpVb6LYStshZoqoSx5K
remote:
To ssh://bandit.labs.overthewire.org:2220/home/bandit31-git/repo
! [remote rejected] master -> master (pre-receive hook declined)

`