Wargames与bash知识20

gu7202262024-01-21 20:21

Wargames与bash知识20

Bandit29

关卡提示:有一个git存储库位于ssh://bandit29-git@localhost/home/bandit29 git/repo通过端口2220。用户bandit29git的密码与用户bandit29的密码相同。

克隆存储库并查找下一级别的密码。

创建目录 克隆

bash 复制代码 
bandit29@bandit:~$ ls -al
total 20
drwxr-xr-x  2 root root 4096 Oct  5 06:19 .
drwxr-xr-x 70 root root 4096 Oct  5 06:20 ..
-rw-r--r--  1 root root  220 Jan  6  2022 .bash_logout
-rw-r--r--  1 root root 3771 Jan  6  2022 .bashrc
-rw-r--r--  1 root root  807 Jan  6  2022 .profile
bandit29@bandit:~$ mkdir /tmp/bdit29
bandit29@bandit:~$ cd /tmp/bdit29
bandit29@bandit:/tmp/bdit29$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
Cloning into 'repo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames
bandit29-git@localhost's password:
remote: Enumerating objects: 16, done.
remote: Counting objects: 100% (16/16), done.
remote: Compressing objects: 100% (11/11), done.
remote: Total 16 (delta 2), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
bandit29@bandit:/tmp/bdit29$ ls -al
total 408
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:02 .
drwxrwx-wt 559 root     root     405504 Jan 17 09:03 ..
drwxrwxr-x   3 bandit29 bandit29   4096 Jan 17 09:03 repo
bandit29@bandit:/tmp/bdit29$ cd repo

查看README,获得提示:生产分支没有密码

bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo$ ls
README.md
bandit29@bandit:/tmp/bdit29/repo$ ls -al
total 16
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:03 .
drwxrwxr-x 3 bandit29 bandit29 4096 Jan 17 09:02 ..
drwxrwxr-x 8 bandit29 bandit29 4096 Jan 17 09:03 .git
-rw-rw-r-- 1 bandit29 bandit29  131 Jan 17 09:03 README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

查看分支历史

bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo$ git log --oneline --decorate --graph --all
* 1d160de (origin/dev) add data needed for development
* 73d0f76 add gif2ascii
| * 07b750d (origin/sploits-dev) add some silly exploit, just for shit and giggles
|/
* 4364630 (HEAD -> master, origin/master, origin/HEAD) fix username
* fca34dd initial commit of README.md
bash 复制代码 
bandit29@bandit:/tmp/bdit29/repo/.git$ git remote show origin
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit29/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts).
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit29-git@localhost's password:
* remote origin
  Fetch URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  Push  URL: ssh://bandit29-git@localhost:2220/home/bandit29-git/repo
  HEAD branch: master
  Remote branches:
    dev         tracked
    master      tracked
    sploits-dev tracked
  Local branch configured for 'git pull':
    master merges with remote master
  Local ref configured for 'git push':
    master pushes to master (up to date)

切换分支
bandit29@bandit:/tmp/bdit29/repo/.git$ git checkout dev
fatal: this operation must be run in a work tree
bandit29@bandit:/tmp/bdit29/repo/.git$ cd ..
bandit29@bandit:/tmp/bdit29/repo$ git checkout dev
Branch 'dev' set up to track remote branch 'dev' from 'origin'.
Switched to a new branch 'dev'
bandit29@bandit:/tmp/bdit29/repo$ ls
code  README.md
bandit29@bandit:/tmp/bdit29/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
相关推荐
布茹 ei ai25 分钟前
QtWeatherApp - 简单天气预报软件(C++ Qt6)(附源码)
开发语言·c++·qt·开源·开源项目·天气预报
Wpa.wk26 分钟前
自动化测试 - 文件上传 和 弹窗处理
开发语言·javascript·自动化测试·经验分享·爬虫·python·selenium
LinHenrY122728 分钟前
初识C语言(编译和链接)
c语言·开发语言·蓝桥杯
_OP_CHEN28 分钟前
【Python基础】(二)从 0 到 1 入门 Python 语法基础:从表达式到运算符的全面指南
开发语言·python
l1t28 分钟前
利用小米mimo为精确覆盖矩形问题C程序添加打乱函数求出更大的解
c语言·开发语言·javascript·人工智能·算法
我命由我1234537 分钟前
Python Flask 开发:在 Flask 中返回字符串时,浏览器将其作为 HTML 解析
服务器·开发语言·后端·python·flask·html·学习方法
csbysj202038 分钟前
Scala 类和对象
开发语言
拾忆,想起39 分钟前
设计模式:软件开发的可复用武功秘籍
开发语言·python·算法·微服务·设计模式·性能优化·服务发现
沐知全栈开发44 分钟前
HTTP/HTTPS 简介
开发语言
跟着珅聪学java1 小时前
HTML中设置<select>下拉框默认值的详细教程
开发语言·前端·javascript
热门推荐
01GitHub 镜像站点02UV安装并设置国内源03Linux下V2Ray安装配置指南04在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)05BongoCat - 跨平台键盘猫动画工具06安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)07【AutoGLM部署】本地私有化部署AI手机Agent08Neo4j(一) - Neo4j安装教程(Windows)09Open-AutoGLM Windows 安装部署教程10Cursor 又偷偷更新,这个功能太实用:Visual Editor for Cursor Browser