[Bandit-OverTheWire] Level 25 -> Level 26

두비니 · 2020. 9. 25. 23:33

Bandit Level 25 → Level 26

Level Goal

Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.

Commands you may need to solve this level

ssh, cat, more, vi, ls, id, pwd

Connection

Connect : ssh bandit25@bandit.labs.overthewire.org -p2220
pw : uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG

bandit25@bandit:~$ ls
bandit26.sshkey
bandit25@bandit:~$ ssh -i ./bandit26.sshkey bandit26@localhost
Could not create directory '/home/bandit25/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
...(omitted)
  Enjoy your stay!

  _                     _ _ _   ___   __  
 | |                   | (_) | |__ \ / /  
 | |__   __ _ _ __   __| |_| |_   ) / /_  
 | '_ \ / _` | '_ \ / _` | | __| / / '_ \ 
 | |_) | (_| | | | | (_| | | |_ / /| (_) |
 |_.__/ \__,_|_| |_|\__,_|_|\__|____\___/ 
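Connection to localhost closed.

There was an sshkey, so I tried connecting with it, but the connection closes right away.

First, what the level asks for is to find out bandit26's shell, which is not /bin/bash....

For this I just dug around from bandit25.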

bandit25@bandit:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
...(omitted)
bandit23:x:11023:11023:bandit level 23:/home/bandit23:/bin/bash
bandit24:x:11024:11024:bandit level 24:/home/bandit24:/bin/bash
bandit25:x:11025:11025:bandit level 25:/home/bandit25:/bin/bash
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext

Looking at this, you can see that only bandit26 has a strange shell.

bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh

export TERM=linux

more ~/text.txt
exit 0

Hmm, it reads text.txt with the more command...

Nothing really clicked, so I went to check text.txt.

bandit25@bandit:~$ find / -name text.txt 2>/dev/null
/home/bandit26/text.txt
bandit25@bandit:~$ cat /home/bandit26/text.txt
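cat: /home/bandit26/text.txt: Permission denied

I did find text.txt, but in the end it sits under bandit26, so there is nothing I can do with it.

After wandering around for a long time I found it purely by chance:

if you make the window really tiny and then connect over ssh, it pauses like that.

Then vi opens in that state;;;;;

So: v > : > r /etc/bandit_pass/bandit26

After typing that, it complains about a permission problem, but if you just ignore it and exit

What? This is a really absurd level, lol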

pw : 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z

As far as I know, the levels after this one were added comparatively later,

so those are for later....
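
A defender-side check for the configuration seen in this level, as an added example that is not part of the original post: it compares /etc/passwd against an allowlist of shells and flags any other login shell that is a script running a pager or editor, as /usr/bin/showtext does with more. The function names, the allowlist contents and the program list are assumptions, the match is a heuristic, and the sample files are constructed from the output shown above.

```sh
#!/bin/sh
# Added example: find accounts whose login shell is a script wrapping a pager/editor.
# Function names and the allowlist are assumptions, not from the original post.

# Programs that offer an editor or command escape when run interactively.
ESCAPABLE='more|less|man|vi|vim|view|ed'

# nonstandard_shells PASSWD ALLOWLIST -> "user:shell" for shells not in ALLOWLIST
# (ALLOWLIST uses the /etc/shells format: one path per line, '#' for comments).
nonstandard_shells() {
    awk -F: -v allow="$2" '
        BEGIN { while ((getline l < allow) > 0) if (l != "" && l !~ /^#/) ok[l] = 1 }
        $7 != "" && !($7 in ok) { print $1 ":" $7 }' "$1"
}

# wraps_escapable FILE -> exit 0 if FILE is a script that runs an escapable program.
wraps_escapable() {
    head -n 1 "$1" 2>/dev/null | grep -q '^#!' || return 1
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -Eq "(^|[;&|[:space:]/])($ESCAPABLE)([[:space:]]|\$)"
}

# audit PASSWD ALLOWLIST ROOT -> one finding per line; ROOT prefixes shell paths
# so the check can run against a mounted image or a test tree ("" for the live host).
audit() {
    nonstandard_shells "$1" "$2" | while IFS=: read -r user shell; do
        if wraps_escapable "$3$shell"; then
            echo "RISK $user $shell"      # forced command can be escaped
        else
            echo "REVIEW $user $shell"    # unknown shell, inspect by hand
        fi
    done
}

# Constructed test tree reproducing the passwd entries and script shown in the post.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/usr/bin"
    printf '%s\n' /bin/sh /bin/bash /usr/sbin/nologin > "$d/shells"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'bandit25:x:11025:11025:bandit level 25:/home/bandit25:/bin/bash' \
        'bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext' > "$d/passwd"
    printf '%s\n' '#!/bin/sh' '' 'export TERM=linux' '' 'more ~/text.txt' 'exit 0' \
        > "$d/usr/bin/showtext"
    audit "$d/passwd" "$d/shells" "$d"
    rm -rf "$d"
}

demo   # prints: RISK bandit26 /usr/bin/showtext
```

A RISK finding means the account's restriction depends on the pager never going interactive, so the usual fix is to print the file with cat instead of more, or to give the account a non-interactive shell.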