We’re into the new year, and ready for another level, and a new challenge. My new years resolution this year is to finish the bandit wargame, and where best to start then bandit level 18. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 17 write up, give it a quick read then head back over here.

Level 18

The password for this level is stored in the home directory of the bandit level 18 user in a file name readme. This seems simple enough, however, it seems that the .bashrc has been modified.

Let’s Start Hacking Then

So first things first, I need to setup a fresh terminal and initiate a connection to the system. I do this using the following command:

ssh bandit18@bandit.labs.overthewire.org -p 2220

Once connected the system asks for the password. I supplied it with the password I gained from the last level and I am in.

However, I receive a message of Goodbye and then the session was terminated. This must be the changes that were made to the .bashrc. So, it looks like when I connect with a bash terminal it responds with a message and then terminates the connection.

What I need to do is bypass the .bashrc and the best way I can think to do this is to just specify a different shell to use when initiating the ssh connection. To do this I run the following command:

ssh bandit18@bandit.labs.overthewire.org -p 2220 -t /bin/sh

I am once again asked for the password as I was the first time. Again I enter the password, it is successful. However, instead of getting the normal message of the day, or the Goodbye message I got previously. I was presented with a `$` and a flashing cursor.

From here I can look to see what is in the working directory using the ls command. A luckily for me, it’s the readme file that I know contains the password for the next level. So I run the following command

cat readme

…and Wham! Bam! Thank you ma’am! I have the password now for level 19.

Level 18 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories: Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.


Leave a Reply