Bandit18->19

Level Goal

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

Commands useful to solve the level

• ssh
• cat

Helpful Reading Material

• What is the purpose of .bashrc Unix StackExchange discussion
• Bash invocation
• Difference between login shell and non-login shell Unix StackExchange discussion

Where to start?

We know that someone has modified our .bashrc file in order to log us out when we log in using SSH. The .bashrc file is a file where commands are read from when bash is invoked as an interactive shell that is not a login shell (see bash invocation for more informations). What we are going to do is to find out how to retrieve the readme file from bandit18 home directory.

Part 1 : Running a command on the remote host

As we are anyway login in using the ssh protocol, we need to find a way to run a command non-interactively on the remote host.

Hint

Once again, look into the ssh man page, find a way to execute a command on the remote host instead of an interactive shell.

Solution

To do so, we just need to append the command we want to run at the end of our ssh command, it will then be run instead of an interactive shell when we log in into the user bandit18. Our ssh command is the following :

ssh -l bandit18 -p 2220 bandit.labs.overthewire.org cat readme

Because we need to cat the readme file in bandit18 home directory. It will print the password string to sdout and exit.

Full Solution

1. ssh ssh://bandit18@bandit.labs.overthewire.org:2220 cat readme to cat the readme file in bandit18 home directory.

You can now jump to the next level