We’re into the new year, and ready for another level, and a new challenge. My new years resolution this year is to finish the bandit wargame, and where best to start then bandit level 18. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 17 write up, give it a quick read then head back over here.
The password for this level is stored in the home directory of the bandit level 18 user in a file name
readme. This seems simple enough, however, it seems that the
.bashrc has been modified.
Let’s Start Hacking Then
So first things first, I need to setup a fresh terminal and initiate a connection to the system. I do this using the following command:
ssh firstname.lastname@example.org -p 2220
Once connected the system asks for the password. I supplied it with the password I gained from the last level and I am in.
However, I receive a message of
Goodbye and then the session was terminated. This must be the changes that were made to the
.bashrc. So, it looks like when I connect with a bash terminal it responds with a message and then terminates the connection.
What I need to do is bypass the
.bashrc and the best way I can think to do this is to just specify a different shell to use when initiating the ssh connection. To do this I run the following command:
ssh email@example.com -p 2220 -t /bin/sh
I am once again asked for the password as I was the first time. Again I enter the password, it is successful. However, instead of getting the normal message of the day, or the
Goodbye message I got previously. I was presented with a `$` and a flashing cursor.
From here I can look to see what is in the working directory using the
ls command. A luckily for me, it’s the
readme file that I know contains the password for the next level. So I run the following command
…and Wham! Bam! Thank you ma’am! I have the password now for level 19.
Level 18 Complete
I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.
Level 19 password