~ Level 25→26 ~
Level Description
Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.
Commands that may be required to solve the level: ssh, cat, more, vi, ls, id, and pwd.
Research Before Solving
There are several commands listed we have not learned of yet. The one that we must learn to solve this level is more. This command is used to filter through text one screenful at a time. Reading through the man pages we find that we can open the vim editor while more has been invoked. To invoke more we can input the command to the shell prompt or we can resize our window so that it is automatically called.
Solution Walkthrough
We will start by logging in to the server as bandit25. Using ls we find that a private key is present inside the home directory.
We can refer back to level 13→14 to be reminded of how to use this key. We must use ssh -i bandit26.sshkey bandit26@127.0.0.1 to log in to bandit26. This time however, we are immediately logged out upon doing so.
This is where the functionality of more is used. While logging in, we can interupt the large OTW image from fully loading by making our window size much smaller. During this process, upon hitting v, we invoke the vim editor.
We are now able to use :e /etc/bandit_pass/bandit26 to edit the password file for bandit26, theoretically this should allow us access to the password inside of it.
Upon hitting enter we are met with the following output:
We've located the password for the next level! 5czgV9L3Xx8JPOyRbXh6lQbmIOWvPT6Z. Exit out of the session, record the password, and proceed to the next level.
Note: it may be a good idea to close your shell session and then open a brand new window before continuing.