November 23, 2018

OverTheWire Bandit write-up(Level 25 → Level 26)

The current write-up that you are viewing is an ordinary write-up.
현재 보고계신 write-up은 일반 write-up 입니다.

To comply with the rule, in this write-up, I just deal with some hints related to this challenge. Here is no correct answer and no solution.

룰을 준수하기 위해, 이 문서에서는 이 챌린지와과 관련된 몇 가지 힌트만을 다룹니다. 여기에 정답과 솔루션은 없습니다.

For the full write-up PDF please refer to the Facebook page WARGAMER.
풀 write-up PDF는 페이스북 페이지 WARGAMER를 참고하세요.

WARGAMER(Link)




Bandit Level 25 → Level 26

Level Goal
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.

레벨 목표
"bandit25"에서 "bandit26"으로 로그인 하는 방법은 매우 쉽다. "bandit26"의 기본 쉘은 bash가 아닌 다른 쉘이다. 그게 무엇인지, 어떻게 동작하는지, 어떻게 활용할 수 있는지 찾아내라.

Commands you may need to solve this level
현재 레벨을 클리어하기 위해 필요할 것으로 생각되는 명령어.
ssh, cat, more, vi, ls, id, pwd

This challenge requires the ability to deal with the vi editor. If you experienced with the vi editor in various situations, It will be easier.

이 챌린지는 vi 에디터를 다루는 능력을 요구합니다. 만약 다양한 상황에서의 vi 에디터 사용 경험이 있다면 보다 수월할 것입니다.

This is some part of the resolution procedures. I could find the flag as follow.
이것은 풀이 과정중 일부입니다. 아래와 같이 플래그를 찾을 수 있었습니다.

bandit25@bandit:~$ ssh -p 2220 -i ./bandit26.sshkey bandit26@127.0.0.1
ssh: connect to host 127.0.0.1 port 2220: Connection refused
bandit25@bandit:~$ ssh -i ./bandit26.sshkey bandit26@127.0.0.1
Could not create directory '/home/bandit25/.ssh'.
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/bandit25/.ssh/known_hosts).
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

Linux bandit 4.18.12 x86_64 GNU/Linux

- Omission. 중략. -

  Enjoy your stay!

  _                     _ _ _   ___   __
 | |                   | (_) | |__ \ / /
 | |__   __ _ _ __   __| |_| |_   ) / /_
 | '_ \ / _` | '_ \ / _` | | __| / / '_ \
 | |_) | (_| | | | | (_| | | |_ / /| (_) |
 |_.__/ \__,_|_| |_|\__,_|_|\__|____\___/
Connection to 127.0.0.1 closed.
bandit25@bandit:~$
bandit25@bandit:~$
bandit25@bandit:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin

- Omission. 중략. -

bandit24:x:11024:11024:bandit level 24:/home/bandit24:/bin/bash
bandit25:x:11025:11025:bandit level 25:/home/bandit25:/bin/bash
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
bandit27:x:11027:11027:bandit level 27:/home/bandit27:/bin/bash
bandit28:x:11028:11028:bandit level 28:/home/bandit28:/bin/bash
bandit29:x:11029:11029:bandit level 29:/home/bandit29:/bin/bash

- Omission. 중략. -

bandit25@bandit:~$
bandit25@bandit:~$
bandit25@bandit:~$ cat /usr/bin/showtext
#!/bin/sh

export TERM=linux

more ~/text.txt
exit 0

OverTheWire Bandit more and vi