1. Bandit31 목표
There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo via the port 2220. The password for the user bandit31-git is the same as for the user bandit31.
Clone the repository and find the password for the next level.
Commands you may need to solve this level
git
2. Bandit31 구현
# 비밀번호 root 입력 접속
ssh -oStrictHostKeyChecking=no root@localhost -p 2220
cat <<EOF > /home/bandit31/.gitconfig
[user]
email = bandit31@overthewire.org
name = bandit31
EOF
chmod 755 /home/bandit31/.gitconfig
useradd bandit32 && echo -e "3O9RfhqyAlVBEZpVb6LYStshZoqoSx5K\n3O9RfhqyAlVBEZpVb6LYStshZoqoSx5K" | passwd bandit32
chmod 755 /home/bandit32
chown root:root /home/bandit32
chown -R root:root /home/bandit32/.[!.]*
echo 3O9RfhqyAlVBEZpVb6LYStshZoqoSx5K > /etc/bandit_pass/bandit32
chown bandit32:bandit32 /etc/bandit_pass/bandit32
chmod 400 /etc/bandit_pass/bandit32
useradd bandit31-git && echo -e "fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy\nfb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy" | passwd bandit31-git
chmod 750 /home/bandit31-git
mkdir -p /home/bandit31-git/repo
chmod 775 /home/bandit31-git/repo
git init --bare /home/bandit31-git/repo
cat <<'README' > /home/bandit31-git/repo/hooks/pre-receive
#!/bin/bash
is_valid="false"
while read oldrev newrev refname; do
for file in $(git diff-tree --no-commit-id --name-only -r $newrev); do
if [[ "$file" == "key.txt" ]]; then
content=$(git show "$newrev:$file")
if [[ "$content" == "May I come in?" ]]; then
is_valid="true"
fi
fi
done
done
echo '### Attempting to validate files... ####'
echo
echo '.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.'
echo
if [ "$is_valid" = "true" ]; then
echo 'Well done! Here is the password for the next level:'
echo '3O9RfhqyAlVBEZpVb6LYStshZoqoSx5K'
else
echo "Wrong!"
fi
echo
echo '.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.oOo.'
echo
exit 1
README
chmod +x /home/bandit31-git/repo/hooks/pre-receive
chown -R bandit31-git:bandit31-git /home/bandit31-git/repo
chsh -s /usr/bin/git-shell bandit31-git
TMP_DIR=$(mktemp -d)
cd $TMP_DIR
# fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy
# 패스워드 입력
GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone ssh://bandit31-git@localhost:2220/home/bandit31-git/repo
cd $TMP_DIR/repo
cat <<'README' > $TMP_DIR/repo/README.md
This time your task is to push a file to the remote repository.
Details:
File name: key.txt
Content: 'May I come in?'
Branch: master
README
chmod 664 $TMP_DIR/repo/README.md
chown bandit31:bandit31 $TMP_DIR/repo/README.md
echo "*.txt" > $TMP_DIR/repo/.gitignore
git config user.email "noone@overthewire.org"
git config user.name "Ben Dover"
git add $TMP_DIR/repo/.
git commit -m "initial commit"
# fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy
# 패스워드 입력
GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git push --all
3. Bandit31 문제풀의
# bandit31 로 설정한 패스워드를 입력하여 접속한다.
# fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy
ssh -oStrictHostKeyChecking=no bandit31@localhost -p 2220
TMP_DIR=$(mktemp -d)
cd $TMP_DIR
# fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy
# 패스워드 입력
GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone ssh://bandit31-git@localhost:2220/home/bandit31-git/repo .
echo "May I come in?" > $TMP_DIR/key.txt
git add -f $TMP_DIR/key.txt
git commit -m "Add Key"
# fb5S2xb7bRyFmAvQYQGEqsbhVyJqhnDy
# 패스워드 확인
GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git push'Wargame > Bandit' 카테고리의 다른 글
| [ Docker ] Bandit Wargame 만들기 - 32번 문제 ( 33 / 33 ) (0) | 2024.09.06 |
|---|---|
| [ Docker ] Bandit Wargame 만들기 - 30번 문제 ( 31 / 33 ) (0) | 2024.09.05 |
| [ Docker ] Bandit Wargame 만들기 - 29번 문제 ( 30 / 33 ) (0) | 2024.06.24 |
| [ Docker ] Bandit Wargame 만들기 - 28번 문제 ( 29 / 33 ) (0) | 2024.06.21 |
| [ Docker ] Bandit Wargame 만들기 - 27번 문제 ( 28 / 33 ) (0) | 2024.06.21 |