DEV Community

Cover image for Bandit Level 19 Level 20
Christian Paez
Christian Paez

Posted on

Bandit Level 19 Level 20

#ctf #writeup #overthewire #bandit

Introduction

Greetings, Welcome back to the OverTheWire Bandit challenges. In this level, we are presented with a custom binary that has to be exploited to get secret information.

Previous Flag

In the previous challenge, we successfully acquired the following flag:

Flag:

awhqfNnAbc1naukrpqDYcF95h7HoMTrC
Enter fullscreen mode Exit fullscreen mode

Exploring bandit20-do

Our next task involves the execution of the ./bandit20-do command. Let's initiate it and see what it does:

./bandit20-do
Enter fullscreen mode Exit fullscreen mode

It seems like this binary executes whatever bash command we provide as the user we want to escalate to, bandit20.

Retrieving Bandit20 Password

Now that we have access to bandit20-do, let's utilize it to read the contents of the /etc/bandit_pass/bandit20 file:

./bandit20-do cat /etc/bandit_pass/bandit20
Enter fullscreen mode Exit fullscreen mode

Executing this command should reveal the password for the Bandit level 20.

Flag:

VxCazJaVykI6W36BkBU0mJTCM8rR95XT
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

getambassador2024 profile image

From Basics to Real-Time Performance: a Complete Guide to API Requests

Ambassador -

neehar_priydarshi_4a16d92 profile image

Implementing Retrieval-Augmented Generation with LangChain, Pgvector and OpenAI

neehar priydarshi -

abhinowww profile image

Mistral vs GPT: A Comprehensive Comparison of Leading AI Models

Abhinav Anand -

jamesli profile image

Building a Medical Literature Assistant: RAG System Practice Based on LangChain

James Li -