Bandit28->29

Level Goal

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo via the port 2220. The password for the user bandit28-git is the same as for the user bandit28.

Clone the repository and find the password for the next level.

Commands useful to solve the level

• git-log
• git-show

Helpful Reading Material

• Git Everyday Commands A useful minimum set of commands for Everyday Git

Where to start?

For more informations about how to clone the repository, see the previous level.

From now on, I'll assume that you already retrieved the git repository in your temporary directory.

Part 1 : Viewing the history

In this level, when we cat the README.md file in the directory, we have a series of x's instead of the password like in the previous level. Of course, this series of x's isn't the password so we'll need to find a way to retrieve it.

Hint

As git stores the whole history of the file modifications, looking at the git-log man page, can you figure out a way to view the history of the git repository?

Solution

By running the git-log command, we can see that the commit history talks about missing data that has been added and the commit we're on talks about a memory leak. Our next goal will be to check for differences between the HEAD which is the point we're on in the history (usually after the last commit) and the commit that talks about missing data.

Part 2 : Retrieving the password

Now that we know where the information we'd like to retrieve might be, we need for a way to check if this information is actually there.

Hint

Looking at the git-show man page, can you figure out a way to view the differences between the README at the current commit and the README at the previous commit?

Solution

Using the git-show command, we can provide the hash of the commit we want to view

Info

We don't need to provide the full hash and the 5 first characters are usually enough

Here, we have that the commit f08b9 is mentionning an info leak. Let's try to see what are the differences between this commit and the commit we're looking at.
Let's run the following command in our terminal :

git show f08b9

This will print the last change in the README.md file, thus printing the password string.

Full Solution

1. git log to view all the commit history.
2. git show f08b9 to view the difference with the previous commit.

You can now jump to the next level