With less than 10 levels left to go I assume that these are going to get harder. Bandit level 25 did not prove me wrong with this. I usually get this levels completed the week before allowing me a week to write this. As it stands I only finished this level at 1am this morning. I have also only finished writing this 1 hour before it was needed to post. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 24 write up, give it a quick read then head back over here.

Level 25

This level will allow me to login directly with SSH to level 26, however, the next user isn’t using /bin/bash as their shell. I will need to find what shell is being used to be able to access the files I need.

Let’s Start Hacking Then

Just as all the levels previous I need to start with a fresh terminal and initiate a SSH connection to the system.

ssh bandit25@bandit.labs.overthewire.org -p 2220

Once connected I am prompted for the bandit level 25 user password that I gained from the last level. The password I enter was correct and now I am in. As I don’t currently have the password for level 26, there needs to be something that will help me in the home directory of the bandit25 user. I use the ls command to see what is available to me and find a bandit26.sshkey Using this key I should be able to initiate a connection to the system as the bandit2 user.

ssh bandit26@localhost -i bandit26.sshkey

Trying this goes through the normal connection process but I am presented with the following.

=== Connection to localhost closed. ===

This most likely relates to the fact that the bandit26 user doesn’t use the normal bin/bash shell. So I need to find out which shell the bandit26 user is using.

grep "bandit26" /etc/passwd

From this command I get a the following

bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext

Looking at this I would assume that /usr/bin/showtext is the shell, however this is a programme not a shell. Looking at the man command for it shows that it uses the more command for a text.txt file in the home directory. I now try to connect again, however this time using the followed command.

ssh bandit26@localhost -i bandit26.sshkey -t /usr/bin/showtext

This should work but because of the way the more command works it seems that my terminal is too big. I now resize the window and try again, however this time it stops before closing the connection. I now have a way to “break” out and using more I can execute commands. Pressing the v button a couple of times allows me to type commands in. I type the following

e /etc/bandit_pass/bandit26

…and Wham! Bam! Thank you ma’am! I have the password now for level 26.

Level 25 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories: Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering., and just like his interests, his operating system has changed sometimes more then 4 times a year.


Leave a Reply