Bandit level 26 requires us to get a shell since you’ll get something different when you login into the machine
let’s start by logging into the server as bandit26
ssh bandit26@bandit.labs.overthewire.org -p 2220
with the ssh key that you should’ve added before from the previous level
When you try to login, you will get the normal starting introduction but then the connection will close.
let’s try first to pass commands with the ssh for example
ssh bandit26@bandit.labs.overthewire.org -p 2220 -t 'ls -la'
but the connection keeps dropping, so it might be because of bandit26 is not using shell so we need to see which “shell” is being used by bandit26.
since we can’t login to the account, let’s go back to bandit25 and check /etc/passwd file where it contains the information we need.
you can bandit25 creds from here.
you should get the following line for bandit26
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext
so it runs a program /usr/bin/showtext, let’s try to see what is the content of that file.
#!/bin/sh export TERM=linux more ~/text.txt exit 0
so we’re using linux terminal, then it runs “more” command to view text.txt and exits.
now, more command will show the whole content of the file if it fits into the screen, meaning if you have a terminal that displays 10 lines on the screen and you run more command for a file that has 6 lines for example, it will show the whole content then exists BUT if you have a terminal that shows 10 lines and the file has 20 lines of content, it will still run and will “paginate” the content.
to put this into practical work, when we were trying to login, the connection was being closed so fast since the lines to show the file is less than the lines that our terminal is capable to show, so let’s try to minimize the site of the terminal.
So we will keep minimizing the terminal until we get something similar.
After you get that, you can change the size of the terminal back to normal again without any problem.
so we were able to show “more” command, stop ssh from closing.
one of the stuff about more is that you can edit the file directly without the need to leave the command, the editor will be the one set by default from the system. To do that you need to press ‘v’ and you should see the vim editor is launched.
right now we have vim running with permissions of bandit26 since it’s our user, so all we need to do is to get the password for that user.
since we have vim open, one of the basic commands for vim is “:e” which allows us to open a file, and as we know the password is saved in /etc/bandit_pass/bandit26, so let’s try to combine these two.
:e /etc/bandit_pass/bandit26
and you should get the following password for our user.
5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z
and that should be it for the bandit level 26.
OTW updated all the passwords sometime after your guide published. I’ve made it through level 16 so far, thank you for the tips on some of these! I can send you the updated flags. Just let me know where or if you’d like it pasted here?
1. bandit1
2. rRGizSaX8Mk1RTb1CNQoXTcYZWU6lgzi
3. aBZ0W5EmUfAf7kHTQeOwd8bauFJ2lAiG
4. 2EW7BBsr6aMMoJ2HjW067dm8EgX26xNe
5. lrIWWI6bB37kxfiCQZqUdOIYfr6eEeqR
6. P4L4vucdmLnm8I7Vl7jG1ApGSfjYKqJU
7. z7WtoNQU2XfjmMtWA8u5rN4vzqu4v99S
8. TESKZC0XvTetK0S9xNwm25STk5iWrBvP
9. EN632PlfYiZbn3PhVK3XOGSlNInNE00t
10. G7w8LIi6J3kTb8A7j9LgrywtEUlyyp6s
11. 6zPeziLdR2RKNdNYFNb6nVCKzphlXHBM
12. JVNBBFSmZwKKOP0XbFXOoW8chDz5yVRv
13. wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw
14. wbWdlBxEir4CaE8LaPhauuOo6pwRmrDw but use the private key obtained
15. jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt
16. JQttfApK4SeyHwDlI9SXGR50qclOAil1
Oh , it will be great, i’l update the posts when i have some time, and i’ll credit you.
do you have a website or social media page so i can refer to you