Wargames与bash知识20

gu7202262024-01-21 20:21

Wargames与bash知识20

Bandit29

关卡提示:有一个git存储库位于ssh://bandit29-git@localhost/home/bandit29 git/repo通过端口2220。用户bandit29git的密码与用户bandit29的密码相同。

克隆存储库并查找下一级别的密码。

创建目录 克隆

bash 复制代码 
bandit29@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct  5 06:19 .
drwxr-xr-x 70 root root 4096 Oct  5 06:20 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root root  807 Jan  6  2022 .profile
bandit29@bandit:~$ mkdir /tmp/bdit29
bandit29@bandit:~$ cd /tmp/bdit29
bandit29@bandit:/tmp/bdit29$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
Cloning into 'repo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/bdit29$ ls -al
total 408
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:02 .
drwxrwx-wt 559 root     root     405504 Jan 17 09:03 ..
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:03 repo
bandit29@bandit:/tmp/bdit29$ cd repo

查看README,获得提示:生产分支没有密码

bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo$ ls
README.md
bandit29@bandit:/tmp/bdit29/repo$ ls -al
total 16
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:03 .
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:02 ..
drwxrwxr-x 8 bandit29 bandit29 4096 Jan 17 09:03 .git
-rw-rw-r-- 1 bandit29 bandit29  131 Jan 17 09:03 README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

查看分支历史

bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo$ git log --oneline --decorate --graph --all
* 1d160de (origin/dev) add data needed for development
* 73d0f76 add gif2ascii
| * 07b750d (origin/sploits-dev) add some silly exploit, just for shit and giggles
|/
* 4364630 (HEAD -> master, origin/master, origin/HEAD) fix username
* fca34dd initial commit of README.md
bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo/.git$ git remote show origin
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit29-git@localhost's password:
* remote origin
  Fetch URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  Push  URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  HEAD branch: master
  Remote branches:
    dev         tracked
    master      tracked
    sploits-dev tracked
  Local branch configured for 'git pull':
    master merges with remote master
  Local ref configured for 'git push':
    master pushes to master (up to date)

切换分支
bandit29@bandit:/tmp/bdit29/repo/.git$ git checkout dev
fatal: this operation must be run in a work tree
bandit29@bandit:/tmp/bdit29/repo/.git$ cd ..
bandit29@bandit:/tmp/bdit29/repo$ git checkout dev
Branch 'dev' set up to track remote branch 'dev' from 'origin'.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/bdit29/repo$ ls
code  README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
相关推荐
Elasticsearch2 天前
如何使用 Agent Builder 排查 Kubernetes Pod 重启和 OOMKilled 事件
elasticsearch
Elasticsearch3 天前
通用表达式语言 ( CEL ): CEL 输入如何改进 Elastic Agent 集成中的数据收集
elasticsearch
郑州光合科技余经理5 天前
代码展示:PHP搭建海外版外卖系统源码解析
java·开发语言·前端·后端·系统架构·uni-app·php
feifeigo1235 天前
matlab画图工具
开发语言·matlab
dustcell.5 天前
haproxy七层代理
java·开发语言·前端
norlan_jame5 天前
C-PHY与D-PHY差异
c语言·开发语言
多恩Stone5 天前
【C++入门扫盲1】C++ 与 Python:类型、编译器/解释器与 CPU 的关系
开发语言·c++·人工智能·python·算法·3d·aigc
QQ4022054965 天前
Python+django+vue3预制菜半成品配菜平台
开发语言·python·django
遥遥江上月5 天前
Node.js + Stagehand + Python 部署
开发语言·python·node.js
m0_531237175 天前
C语言-数组练习进阶
c语言·开发语言·算法
热门推荐
01GitHub 镜像站点02OpenClaw 使用和管理 MCP 完全指南03OpenClaw + 飞书(Feishu)环境搭建指南04Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services05Clawdbot部署教程:解决‘gateway token missing’授权问题的完整步骤06小黑课堂计算机二级WPSoffice题库软件下载安装教程(2026年3月最新版)07OpenClaw优化飞书API 额度已耗尽问题08【OpenClaw 本地实战 Ep.3】突破瓶颈:强制修改 openclaw.json 解锁 32k 上下文记忆09Window 10部署openclaw报错node.exe : npm error code 12810OpenClaw大龙虾机器人完整安装教程