OverTheWire Bandit Write Up – Level 18

We’re into the new year, and ready for another level and a new challenge. My New Year’s resolution this year is to finish the Bandit wargame, and where better to start than Bandit level 18? If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 17, give it a quick read, then head back over here.

Level 18

The password for this level is stored in the home directory of the bandit level 18 user, in a file named readme. This seems simple enough; however, the .bashrc has been modified.

Let’s Start Hacking Then

So first things first, I need to set up a fresh terminal and initiate a connection to the system. I do this using the following command:

ssh bandit18@bandit.labs.overthewire.org -p 2220

Once connected, the system asks for the password. I supplied it with the password I gained from the last level and I am in.

However, I receive a message of Goodbye and then the session was terminated. This must be the changes that were made to the .bashrc. So, it looks like when I connect with a bash terminal it responds with a message and then terminates the connection.

What I need to do is bypass the .bashrc and the best way I can think to do this is to just specify a different shell to use when initiating the ssh connection. To do this I run the following command:

ssh bandit18@bandit.labs.overthewire.org -p 2220 -t /bin/sh

I am once again asked for the password, as I was the first time. Again I enter the password, and it is successful. However, instead of getting the normal message of the day, or the Goodbye message I got previously, I was presented with a `$` and a flashing cursor.

From here I can look to see what is in the working directory using the ls command. And luckily for me, it’s the readme file that I know contains the password for the next level. So I run the following command:

cat readme

…and Wham! Bam! Thank you ma’am! I have the password now for level 19.
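Why the second login gets past the logout can be reproduced locally. The script below is an added example, not part of the original write-up: it builds a throwaway home directory with a .bashrc that prints Goodbye and exits, then starts bash and sh interactively in it. The directory, the secret string and the function name `type_cat_readme` are constructed for the demo.

```shell
#!/bin/sh
# Constructed local reproduction; it never contacts the Bandit server.
# DEMO_HOME, the secret string and type_cat_readme are made up for this demo.
DEMO_HOME=$(mktemp -d)
trap 'rm -rf "$DEMO_HOME"' EXIT

# Stand-in for the level's files: a readme, and a .bashrc that says
# Goodbye and logs out as soon as bash reads it.
printf 'constructed-demo-secret\n' > "$DEMO_HOME/readme"
printf 'echo Goodbye\nexit\n' > "$DEMO_HOME/.bashrc"

# Start the given shell interactively with DEMO_HOME as its home directory
# and type "cat readme" at it. env -i drops inherited variables such as ENV
# so only the files above can influence startup; stderr (prompts, job
# control notices) is discarded.
type_cat_readme() {
    ( cd "$DEMO_HOME" && printf 'cat readme\n' |
        env -i HOME="$DEMO_HOME" PATH="$PATH" "$@" 2>/dev/null )
}

# Interactive bash sources ~/.bashrc first, so it exits before the command is read.
echo "bash -i: $(type_cat_readme bash -i)"
# sh does not read ~/.bashrc at all, so the command runs.
echo "sh -i:   $(type_cat_readme sh -i)"
```

A logout placed in .bashrc only affects shells that read that file, so it works as a puzzle but not as an access control.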

Level 18 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

