The last level wasn’t too difficult, however, it did get me looking at the levels differently. Hopefully the bandit level 19 will continue to open my eyes to new techniques. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 18 write up, give it a quick read then head back over here.
To gain the password for the next level I need to read the password in the `/etc/bandit_pass` directory. However, the files in that directory only allow the level user to view their own password. To be able to view the password for a different level I will need to use the setuid binary provided.
Let’s Start Hacking Then
As normal the first thing that I need to do is to Initiate a SSH connection to the bandit level 19 system. I do this with the following command;
ssh email@example.com -p 2220
Once I got return I am asked for a password. I enter the one I got from the last level and I am in. Now I just need to try out this setuid binary.
Before I can do anything I need to check the file location, I run the
ls command and see a
bandit20-do binary in the current directory. Now I just need to test the binary, I do that with the following command;
After the command runs I am presented with a message that I can use the binary to execute anything as a different user. Knowing this I decided to run the following command to see if I can get the next password
./bandit20-do cat /etc/bandit_pass/bandit20
…and Wham! Bam! Thank you ma’am! I have the password now for level 20.
Level 19 Complete
I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.
Level 20 password
Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.