Wargames与bash知识20

Wargames与bash知识20

Bandit29

关卡提示:有一个git存储库位于ssh://bandit29-git@localhost/home/bandit29 git/repo通过端口2220。用户bandit29git的密码与用户bandit29的密码相同。

克隆存储库并查找下一级别的密码。

创建目录 克隆

bash 复制代码
bandit29@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct  5 06:19 .
drwxr-xr-x 70 root root 4096 Oct  5 06:20 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root root  807 Jan  6  2022 .profile
bandit29@bandit:~$ mkdir /tmp/bdit29
bandit29@bandit:~$ cd /tmp/bdit29
bandit29@bandit:/tmp/bdit29$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
Cloning into 'repo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/bdit29$ ls -al
total 408
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:02 .
drwxrwx-wt 559 root     root     405504 Jan 17 09:03 ..
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:03 repo
bandit29@bandit:/tmp/bdit29$ cd repo

查看README,获得提示:生产分支没有密码

bash 复制代码
bandit29@bandit:/tmp/bdit29/repo$ ls
README.md
bandit29@bandit:/tmp/bdit29/repo$ ls -al
total 16
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:03 .
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:02 ..
drwxrwxr-x 8 bandit29 bandit29 4096 Jan 17 09:03 .git
-rw-rw-r-- 1 bandit29 bandit29  131 Jan 17 09:03 README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

查看分支历史

bash 复制代码
bandit29@bandit:/tmp/bdit29/repo$ git log --oneline --decorate --graph --all
* 1d160de (origin/dev) add data needed for development
* 73d0f76 add gif2ascii
| * 07b750d (origin/sploits-dev) add some silly exploit, just for shit and giggles
|/
* 4364630 (HEAD -> master, origin/master, origin/HEAD) fix username
* fca34dd initial commit of README.md
bash 复制代码
bandit29@bandit:/tmp/bdit29/repo/.git$ git remote show origin
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit29-git@localhost's password:
* remote origin
  Fetch URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  Push  URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  HEAD branch: master
  Remote branches:
    dev         tracked
    master      tracked
    sploits-dev tracked
  Local branch configured for 'git pull':
    master merges with remote master
  Local ref configured for 'git push':
    master pushes to master (up to date)

切换分支
bandit29@bandit:/tmp/bdit29/repo/.git$ git checkout dev
fatal: this operation must be run in a work tree
bandit29@bandit:/tmp/bdit29/repo/.git$ cd ..
bandit29@bandit:/tmp/bdit29/repo$ git checkout dev
Branch 'dev' set up to track remote branch 'dev' from 'origin'.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/bdit29/repo$ ls
code  README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
相关推荐
Elasticsearch4 小时前
深入解析 simdvec:Elasticsearch 如何利用神经网络和视频编解码 CPU 指令实现向量搜索
elasticsearch
Elasticsearch1 天前
一条命令。自然语言。你的 Elasticsearch 数据,直接进入终端
elasticsearch
vivo互联网技术1 天前
从 10 分钟到 1 秒:ES 深度分页任意跳页的三轮优化实战
服务器·数据库·redis·elasticsearch·深度分页
Elasticsearch1 天前
热力直达:使用 Elasticsearch 插件将 ES|QL 引入你的 Grafana 仪表板
elasticsearch
小猿姐1 天前
唯品会大规模数据库云原生实践:基于 KubeBlocks 管理数千实例的统一运维之路
运维·elasticsearch·云原生
Elasticsearch2 天前
使用 Elastic Agent Builder 和 Sarvam AI 构建多语言语音 agent
elasticsearch
武子康6 天前
调查研究-197 FAISS vs Elasticsearch 全面对比:从向量检索、全文搜索到 RAG 选型指南
人工智能·elasticsearch·agent
Elasticsearch7 天前
Elasticsearch ES|QL:现已支持视图、子查询和读取时模式定义
elasticsearch
Elasticsearch10 天前
Kibana 中的 SNMP 拓扑数据:从采集到 Canvas
elasticsearch