Bandit29->30

Level Goal

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.

Clone the repository and find the password for the next level.

Commands useful to solve the level

• git-branch
• git-diff

Helpful Reading Material

• Branches in a nutshell See bandit27 and bandit28 for more helpful reading material

Where to start?

Once again, I'll assume that you already cloned the repository (see bandit27 for more informations).

Part 1 : Viewing all the branches

When we try to view the log and to show the differences in the repository, we don't get any relevant information.

Another great capability of git is the ability to branch. A branch is a line of development which is totally independent from all the others from the point when it has been created.

Hint

By looking at the git-branch man page, can you figure out a way to list all the branches in the repository?

Solution

We want to list all the branches of the repository. Let's run the following command :

git branch -a

This will list all the local branches (which is only master at the moment) and all the remote tracking branches. The following command outputs 3 branches : dev, master and sploits-dev. Let's now see if we can retrieve the password in one of these two other branches.

Part 2 : Viewing the differences between the branches

Now that we know that there are multiple branches, we'll try to view the differences between the README.md file and the files on the other branches

Hint

Looking at the git-diff man page, can you figure out a way to view the differences between the master branch and the other branches?

Solution

Let's try and run the following command :

git diff remotes/origin/dev

Info

We need to use remotes/origin/dev because the dev branch is not tracked locally. To track the remotes/origin/dev locally you'd have to run git checkout dev first.

When running the following command, we can see that the password is on the dev branch and use it to connect to the next level.

Full Solution

1. git branch -a to view all the branches in the repository
2. git diff remotes/origin/dev to view the changes between the dev branch and the master branch

Tip

One key takeaway of this level may be the Git mantra : branch early and branch often. A branch is cheap, easy to make experiments on and to delete when not needed anymore

You can now jump to the next level