The write-up you are currently viewing is an ordinary write-up.
To comply with the rules, this write-up covers only some hints related to this challenge. There is no correct answer and no solution here.
For the full write-up PDF, please refer to the page below.
https://cysecguide.blogspot.com/2018/12/overthewire-bandit-write-uplevel-28.html
Bandit Level 28 → Level 29
Level Goal
There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
bandit28@bandit:~$ mkdir /tmp/mytmp56
bandit28@bandit:~$ cd /tmp/mytmp56
bandit28@bandit:/tmp/mytmp56$ git clone ssh://bandit28-git@localhost/home/bandit28-git/repo
Cloning into 'repo'...
Could not create directory '/home/bandit28/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit28-git@localhost's password:
remote: Counting objects: 9, done.
remote: Compressing objects: 100% (6/6), done.
remote: Total 9 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (9/9), done.
Resolving deltas: 100% (2/2), done.
bandit28@bandit:/tmp/mytmp56$
bandit28@bandit:/tmp/mytmp56$ ls -al
total 1124
drwxr-sr-x 3 bandit28 root 4096 Dec 9 10:59 .
drwxrws-wt 20566 root root 1138688 Dec 9 10:59 ..
drwxr-sr-x 3 bandit28 root 4096 Dec 9 10:59 repo
bandit28@bandit:/tmp/mytmp56$ ls ./repo
README.md
I created the "mytmp56" directory in the "tmp" directory and downloaded the data from the given repository. I noticed that the "repo" directory was created. There is one file inside.
bandit28@bandit:/tmp/mytmp56/repo$ ls
README.md
bandit28@bandit:/tmp/mytmp56/repo$ cat ./README.md
# Bandit Notes
Some notes for level29 of bandit.
## credentials
- username: bandit29
- password: xxxxxxxxxx
I opened the "README.md" file, but the password was masked.
I looked at the related logs.
bandit28@bandit:/tmp/mytmp56/repo/.git$ git ■■■
commit 073c■■■■■■■■■■■■2faad1dd■■■■■■■■■■■■c4f95
Author: Morla Porla
Date: Tue Oct 16 14:00:39 2018 +0200
fix info leak
commit 186■■■■■■■■■■■■58d42d468cdc■■■■■■■■■3fcb
Author: Morla Porla
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
commit b6■■■■■■■■■4210c5334■■■■■■■■■■■■■■■8cc7
Author: Ben Dover
Date: Tue Oct 16 14:00:39 2018 +0200
initial commit of README.md
bandit28@bandit:/tmp/mytmp56/repo/.git$
bandit28@bandit:/tmp/mytmp56/repo/.git$
So I decided to see what changes were made at each commit.
- Omission -
bandit28@bandit:/tmp/mytmp56/repo/.git$ git ■■■■■■ ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
commit ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■
Author: Morla Porla
Date: Tue Oct 16 14:00:39 2018 +0200
add missing data
diff --git a/README.md b/README.md
index 7ba2d2f..3f7cee8 100644
--- a/README.md
+++ b/README.md
@@ -4,5 +4,5 @@ Some notes for level29 of bandit.
## credentials
- username: bandit29
-- password:
+- password: ■■■■■■■■■■■■■■■■■■■■■■■■■
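Review bot: the `+- password:` line in README.md puts a credential into a tracked file in plaintext, and masking it in a later commit (the log above lists one titled "fix info leak") only changes the newest tree while this version stays reachable in history. Keep the value out of the repository altogether, for example by pointing the notes at a secret store, and for a value that has already been committed, rotate the password and rewrite the affected history instead of overwriting it with a placeholder.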
I could see that the password information was leaked at the time of the ■■■■■■■■■■ commit.
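The observation above, that a value committed once stays in history even after a later commit masks it, can be turned into a defensive check that scans history patch text (commit headers plus diffs, in the format shown above) for credentials on added lines. This is an added example, not part of the original write-up; the key names, the masked-value patterns, and the commit ids and secret in the sample are assumptions constructed for illustration.

```python
import re
# Credential key names and masked-value shapes are assumptions for this example.
CRED = re.compile(r"(?i)\b(password|passwd|secret|token)\b\s*[:=]\s*(\S+)")
MASKED = re.compile(r"(?i)^(x+|\*+|<[^>]*>)$")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def scan_history(patch_text):
    """Return each credential value added on a '+' line, plus the commit that later removed it."""
    adds, removes, commit, path = [], {}, None, None
    old_left = new_left = 0               # lines still owed to the current hunk
    for line in patch_text.splitlines():
        if old_left > 0 or new_left > 0:  # hunk body: counted, so a '---' line is not a header
            tag, body = line[:1], line[1:]
            if tag == "\\": continue      # "\ No newline at end of file"
            new_left -= tag != "-"        # '+' and context lines belong to the new side
            old_left -= tag != "+"        # '-' and context lines belong to the old side
            m = CRED.search(body)
            if m and tag == "+" and not MASKED.match(m.group(2)):
                adds.append({"commit": commit, "file": path, "value": m.group(2)})
            elif m and tag == "-":
                removes[(path, m.group(2))] = commit
        elif line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (h := HUNK.match(line)):
            old_left, new_left = int(h.group(1) or 1), int(h.group(2) or 1)
    # removed_in is set when a later commit deleted the line; the value is exposed either way.
    return [dict(a, removed_in=removes.get((a["file"], a["value"]))) for a in adds]

# Constructed sample, newest commit first; commit ids and the secret are placeholders.
SAMPLE = """\
commit 2222222
    fix info leak
--- a/README.md
+++ b/README.md
@@ -6 +6 @@
-- password: CONSTRUCTED-SECRET
+- password: xxxxxxxxxx
commit 1111111
    add missing data
--- a/README.md
+++ b/README.md
@@ -6 +6 @@
-- password: <TBD>
+- password: CONSTRUCTED-SECRET
"""

if __name__ == "__main__":
    print(scan_history(SAMPLE))
```

A finding with `removed_in` set is the case on this page: the current file looks clean, but the credential still has to be rotated because the older commit remains readable.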