Bandit Level 25 to Level 26 | OverTheWire
Learn linux command by playing Bandit wargame. The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. Below is the solution of Bandit Level 25 → Level 26 and 26 → Level 27.
In this level we will learn how to change shell and how size of the terminal window can also help us to crack the password.
The passwords are hidden, so you have to find the passwords for next level yourself.
Previous Post
Bandit Level 0 to Level 3
Bandit Level 4 to Level 8
Bandit Level 9 to Level 11
Bandit Level 12 → Level 13
Bandit Level 13 to Level 15
Bandit Level 16 to Level 18
Bandit Level 19 to Level 20
Bandit Level 21 to Level 22
Bandit Level 23 → Level 24
Bandit Level 24 → Level 25
Bandit Level 25 → Level 26
Level Goal
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.
Commands you may need to solve this level
ssh, cat, more, vi, ls, id, pwd
Solution :
Command to connect remote host : ssh bandit25@bandit.labs.overthewire.org -p 2220 password is **** .
There is a private key in the file bandit26.sshkey in /home/bandit25 directory. If we use this private key to login as user bandit26 using command ssh -i bandit26.sshkey bandit26@localhost we are logged out. We receive a message “Connection to localhost closed”.
Lets find some information of user bandit25 and bandit26. bandit25 uses /bin/sh shell and bandit26 uses something /usr/bin/showtext.
Lets see what is inside the showtext file. The content is
1
2
3
4
#!/bin/sh
export TERM=linux
more ~/text.txt
exit 0
Before exiting, command more ~/text.txt is executed.
more is a filter for paging through text one screenful at a time. With command v we can start up an editor at current line. The editor is taken from the environment variable VISUAL if defined, or EDITOR if VISUAL is not defined, or defaults to vi if neither VISUAL nor EDITOR is defined.
To enable more we have to decrease size of our terminal window.
Enter command ssh -i bandit26.sshkey bandit26@localhost.
After typing v we enter into vim editor then enter :e /etc/bandit_pass/bandit26 to view password for next level. The password for next level is **** .
Reference : How To View System Users in Linux on Ubuntu
http://man7.org/linux/man-pages/man1/more.1.html
https://www.billycody.com/otw-wargames/bandit/bandit-level-25
Bandit Level 26 → Level 27
Level Goal
Good job getting a shell! Now hurry and grab the password for bandit27!
Commands you may need to solve this level
ls
Solution :
Command to connect remote host : ssh bandit26@bandit.labs.overthewire.org -p 2220 password is **** .
Before running the above command, shrink the terminal window like we have done in previous level.
Enter v to start up an editor mode. Command :set shell ? will tell the shell of the user and :set shell=/bin/sh will set it to /bin/sh. Run :set shell ? again to confirm.
To execute a command in subshell, enter :!command. Lets execute :!ls -la.
There is a bandit27-do file with elevated privilege. It will help us to know the password.
Run command
1
:! ./bandit27-do cat /etc/bandit_pass/bandit27
and the password is **** .
Reference : Vim tips: Working with external commands
http://man7.org/linux/man-pages/man1/more.1.html
Next Post
Bandit Level 27 to Level 31
Bandit Level 32 → Level 33
Other Wargames
Leviathan Wargame from OverTheWire All Level Solutions
Krypton Wargame from OverTheWire All Level Solutions