Kappa
“Great things are not done by impulse, but by a series of small things brought together.”
Host: bandit.labs.overthewire.org
Port: 2220
Level 19
ssh bandit19@bandit.labs.overthewire.org -p 2220
password: awhqfNnAbc1naukrpqDYcF95h7HoMTrC
Objective:
To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.
- Suid is a special permission, it will replace "x" of the user permission. The binary will run as owner, not the one executing it.
CLI:
bandit19@bandit:~$ ls -la
total 36
drwxr-xr-x 2 root root 4096 Oct 5 06:19 .
drwxr-xr-x 70 root root 4096 Oct 5 06:20 ..
-rwsr-x--- 1 bandit20 bandit19 14876 Oct 5 06:19 bandit20-do
-rw-r--r-- 1 root root 220 Jan 6 2022 .bash_logout
-rw-r--r-- 1 root root 3771 Jan 6 2022 .bashrc
-rw-r--r-- 1 root root 807 Jan 6 2022 .profile
bandit19@bandit:~$ ./bandit20-do
Run a command as another user.
Example: ./bandit20-do id
bandit19@bandit:~$ ./bandit20-do ls /etc/bandit_pass
bandit0 bandit13 bandit18 bandit22 bandit27 bandit31 bandit6
bandit1 bandit14 bandit19 bandit23 bandit28 bandit32 bandit7
bandit10 bandit15 bandit2 bandit24 bandit29 bandit33 bandit8
bandit11 bandit16 bandit20 bandit25 bandit3 bandit4 bandit9
bandit12 bandit17 bandit21 bandit26 bandit30 bandit5
bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass
cat: /etc/bandit_pass: Is a directory
bandit19@bandit:~$ ./bandit20-do cat /etc/bandit_pass/bandit20
VxCazJaVykI6W36BkBU0mJTCM8rR95XT
bandit19@bandit:~$