Wargames与bash知识20

gu7202262024-01-21 20:21

Wargames与bash知识20

Bandit29

关卡提示:有一个git存储库位于ssh://bandit29-git@localhost/home/bandit29 git/repo通过端口2220。用户bandit29git的密码与用户bandit29的密码相同。

克隆存储库并查找下一级别的密码。

创建目录 克隆

bash 复制代码 
bandit29@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct  5 06:19 .
drwxr-xr-x 70 root root 4096 Oct  5 06:20 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root root  807 Jan  6  2022 .profile
bandit29@bandit:~$ mkdir /tmp/bdit29
bandit29@bandit:~$ cd /tmp/bdit29
bandit29@bandit:/tmp/bdit29$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
Cloning into 'repo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/bdit29$ ls -al
total 408
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:02 .
drwxrwx-wt 559 root     root     405504 Jan 17 09:03 ..
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:03 repo
bandit29@bandit:/tmp/bdit29$ cd repo

查看README,获得提示:生产分支没有密码

bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo$ ls
README.md
bandit29@bandit:/tmp/bdit29/repo$ ls -al
total 16
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:03 .
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:02 ..
drwxrwxr-x 8 bandit29 bandit29 4096 Jan 17 09:03 .git
-rw-rw-r-- 1 bandit29 bandit29  131 Jan 17 09:03 README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

查看分支历史

bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo$ git log --oneline --decorate --graph --all
* 1d160de (origin/dev) add data needed for development
* 73d0f76 add gif2ascii
| * 07b750d (origin/sploits-dev) add some silly exploit, just for shit and giggles
|/
* 4364630 (HEAD -> master, origin/master, origin/HEAD) fix username
* fca34dd initial commit of README.md
bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo/.git$ git remote show origin
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit29-git@localhost's password:
* remote origin
  Fetch URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  Push  URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  HEAD branch: master
  Remote branches:
    dev         tracked
    master      tracked
    sploits-dev tracked
  Local branch configured for 'git pull':
    master merges with remote master
  Local ref configured for 'git push':
    master pushes to master (up to date)

切换分支
bandit29@bandit:/tmp/bdit29/repo/.git$ git checkout dev
fatal: this operation must be run in a work tree
bandit29@bandit:/tmp/bdit29/repo/.git$ cd ..
bandit29@bandit:/tmp/bdit29/repo$ git checkout dev
Branch 'dev' set up to track remote branch 'dev' from 'origin'.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/bdit29/repo$ ls
code  README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
相关推荐
Ronin30528 分钟前
【C++】类型转换
开发语言·c++
mrbone1144 分钟前
Git-git worktree的使用
开发语言·c++·git·cmake·worktree·gitab
浪裡遊1 小时前
Sass详解:功能特性、常用方法与最佳实践
开发语言·前端·javascript·css·vue.js·rust·sass
真实的菜1 小时前
JVM类加载系统详解:深入理解Java类的生命周期
java·开发语言·jvm
代码讲故事1 小时前
多种方法实现golang中实现对http的响应内容生成图片
开发语言·chrome·http·golang·图片·快照·截图
虾球xz2 小时前
CppCon 2018 学习:EFFECTIVE REPLACEMENT OF DYNAMIC POLYMORPHISM WITH std::variant
开发语言·c++·学习
Allen_LVyingbo2 小时前
Python常用医疗AI库以及案例解析(2025年版、上)
开发语言·人工智能·python·学习·健康医疗
小哈龙2 小时前
裸仓库 + Git Bash 搭建 本地 Git 服务端与客户端
开发语言·git·bash
G探险者2 小时前
《如何在 Spring 中实现 MQ 消息的自动重连:监听与发送双通道策略》
java·开发语言·rpc
weixin_437398213 小时前
转Go学习笔记
linux·服务器·开发语言·后端·架构·golang
热门推荐
01Coze实战第13讲:飞书多维表格读取+豆包生图模型,轻松批量生成短剧封面02手机电脑之间快速传输图片视频文件,不压缩画质、不限制大小的方法!03Coze扣子平台完整体验和实践(附国内和国际版对比)04华为昇腾 910B 部署 DeepSeek-R1 蒸馏系列模型详细指南05免费可用!最强AI数字人对口型神器:让照片开口说话唱歌,支持多人对口型+全身动作,1分钟学会!(附保姆级教程)06扣子(coze)实战|我用扣子搭建了一个自动分析小红薯笔记内容的AI应用|详细步骤拆解072024年 最新 iPhone手机 历代机型、屏幕尺寸、纵横比、分辨率 整理08C#调用WechatOCR.exe实现本地OCR文字识别09DeepSeek各版本说明与优缺点分析10Coze平台 创建AI智能体的详细步骤指南