Post

OverTheWire: Bandit Level 18 → Level 19

The Bandit wargames are aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.

Posted
Preview Image
By David Varghese
2 min read

Level Goal

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

Commands you may need to solve this level

ssh, ls, cat

1
2
3
4
5
6
7
8

> whatis ssh  
ssh (1)              - OpenSSH remote login client

> whatis ls  
ls (1)               - list directory contents

> whatis cat  
cat (1)              - concatenate files and print on the standard output

Note: Not all commands are required to complete the level

Solution

From reading the question we understand that we cannot log in directly as the default shell “Bash” has been modified to not allow any login using SSH. So we need to use a shell other than bash to access the system.

The details of all the shells that are available on a system are stored under /etc/shells. Let’s look at the file on our system to get an idea of what are the different shells that could be present on the target (Only on Linux)

1
2
3
4
5
6
7
8
9
10
11

> cat /etc/shells  
# /etc/shells: valid login shells  
/bin/sh  
/bin/bash  
/usr/bin/bash  
/bin/rbash  
/usr/bin/rbash  
/bin/dash  
/usr/bin/dash  
/usr/bin/tmux  
/usr/bin/screen

Note: Each line in the file represents a shell that is present in the system

Now that we have an idea of some of the shells that should be preset on all systems we can try logging in with them via SSH. The -t flag of the SSH command is used to specify the shell to be used to login into the system.

1
2
3
4
5
6

$ ssh [email protected] -p 2220 -t "/bin/sh"

This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

[email protected]'s password: kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd
$

We have managed to log in successfully using the “sh” shell

Find the password that is present in the readme file

1
2
3
4
5

$ ls  
readme

$ cat readme  
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x

We have got the password for the next level !!!

Logout of the current session and login into the next level using the password for bandit19

1
2
3
4

> ssh [email protected] -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

[email protected]'s password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
Security, OverTheWire
overthewire bandit ctf security linux
This post is licensed under CC BY 4.0 by the author.