Post

Bandit Level 18 → Level 19

OverTheWire Bandit Level 18 → Level 19

Posted
By Slavetomints
views 1 min read

ssh bandit18@bandit.labs.overthewire.org -p 2220

The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.

While this might seem pretty trivial at first, it’s actually a pretty simple on to get around. For this, we’ll need to just simply add a command we want to execute to the end of our original command, and it’ll execute before we get logged out!

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

┌─[slavetomints@parrot]─[~]
└──╼ $ssh bandit18@bandit.labs.overthewire.org -p 2220 ls
                         _                     _ _ _   
                        | |__   __ _ _ __   __| (_) |_ 
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_ 
                        |_.__/ \__,_|_| |_|\__,_|_|\__|
                                                       

                      This is an OverTheWire game server. 
            More information on http://www.overthewire.org/wargames

bandit18@bandit.labs.overthewire.org's password: 
readme
┌─[slavetomints@parrot]─[~]
└──╼ $ssh bandit18@bandit.labs.overthewire.org -p 2220 cat readme
                         _                     _ _ _   
                        | |__   __ _ _ __   __| (_) |_ 
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_ 
                        |_.__/ \__,_|_| |_|\__,_|_|\__|
                                                       

                      This is an OverTheWire game server. 
            More information on http://www.overthewire.org/wargames

bandit18@bandit.labs.overthewire.org's password: 
{removed in accordance with game rules}
OverTheWire, Bandit
overthewire bandit writeups training
This post is licensed under CC BY 4.0 by the author.