About Me
Avatar
Part time CTF Player learn every day!!
🌠 I Love Hoshimachi Suisei!! 🌠
🌠 I Love Hoshimachi Suisei!! 🌠

OverTheWire Bandit Level 27 → 28 tutorial!!

overthewire bandit walkthrough ctf linux beginner
Published on 01 Feb 2023

Login

Log in as bandit27 using the password you obtained from Level 26 → 27.

ssh bandit27@bandit.labs.overthewire.org -p 2220
# password: upsNCc7vzaRDx6oZC6GiR6ERwe1MowGB

Why? Each Bandit level is a separate UNIX user. To solve 27 → 28, you must be the bandit27 user.

Task

Task placeholder

The home directory contains a git repository (served over SSH). Your task: clone it, explore the history, and recover the password for bandit28.

A little bit of Theory

  • Git history lives in .git/; earlier commits can still expose removed secrets.
  • git log shows commits; git show <hash> displays the changes (or file contents at that commit).
  • If HEAD looks clean, the password is probably hidden in an older commit.

Further reading:

Solution

  1. Clone the repository to a writable temp folder

    WORKDIR=$(mktemp -d)
cd "$WORKDIR"
git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repo "repo-$RANDOM"
cd repo-*

    Why? /tmp is writable by you; cloning here avoids permission issues. When prompted for a password for bandit27-git, enter the bandit27 password.

    git clone placeholder

  2. List the history

    git log --oneline --decorate --graph

    Why? A quick, readable view to spot the commit(s) that likely introduced/removed a secret.

    git log placeholder

  3. Show the commit content

    git show <commit-id>

    Why? Inspect the README change; the password is typically added in the initial commit or an early one.

    git show placeholder

  4. Extract the password

    Copy the password string you find in the relevant commit.

Password

The password revealed in the commit on my run:

Yz9IpL0sBcCeuG7m9uQFt8ZNpS4HZRcN

Troubleshooting

  • Permission denied (publickey) → The remote is bandit27-git@localhost on port 2220; it prompts for your bandit27 password.
  • “not a git repository” → Make sure you cd repo before using git log / git show.
  • No secret in HEAD → Use git log to step back through commits and git show <hash> each one until you see it.

Congrats 🎉 You used git history forensics to recover a removed secret. On to bandit28!

Thanks for reading!

Until next time — Otsumachi!! 💖☄️✨

Cinema

related posts

all tags

GOT-overwrite aboutme aead ai alphanumeric-shellcode apt argc0 argon2 aslr assembly asymmetric atoi automation backbox bandit base64 bash beginner behemoth binary binary-exploitation binary-to-ascii blackarch blind blind-sqli blogging blue-team bruteforce buffer-overflow buffer-overwrite c caesar canary capabilities checksec command-injection commonmark cookie cron crypto cryptography ctf cutter cyberchef cybersecurity defenders detection dev directory-traversal dnf docs drifter ecc education elf env envp exploitation finale forensics format-string formulaone frequency frequency-analysis gcc gdb getchar gfm ghidra github-pages governance gpg guide hashing hkdf http jekyll jmpbuf kali kasiski kdf kernel keylength kramdown krypton lab ld_preload leviathan lfi lfsr linux linux-syscall llmops log-poisoning ltrace manpage markdown maze memcpy mitigations mitmproxy mlops narnia natas networking newline-injection nonce nop-sled nx object-injection obsidian openssl osint overflow overthewire package-manager pacman parrot path path-hijacking pathname php pie pkc pki pointer-trick pqc priv-esc privilege-escalation provable-security pwn pwntools pyshark python race-condition radare2 rag randomness recon red-team redirect relro requests ret2env ret2libc reverse-engineering reversing ricing roadmap rop rot13 rsa scapy security seed seo serialization session setjmp-longjmp setuid shell shellcode smoke soc sockets sprintf sql-injection srop stack-canary stack-overflow strace strcmp strcpy streamcipher strings strncpy strtoul substitution suid suisei symlink symmetric terminal test threat-intel time-based tls troubleshooting tshark type-juggling ubuntu udp utumno vigenere virtualbox virtualization vmware vortex walkthrough web windows wireshark writing wsl x86
dash theme for Jekyll by bitbrain made with