OverTheWire.org Walkthrough: Bandit

~ Level 32→33 ~

Level Description

After all this git stuff it's time for another escape. Good luck!

Commands required for this level: sh and man


Research Before Solving

Research is covered during the walkthrough.


Solution Walkthrough

Upon logging into the OverTheWire server as bandit32, we are met with a peculiar greeting.

welcome to the uppercase shell

We appear to be in a different shell than what we are accustomed to. Attempting to type in a command gives the following output:

command not found

Turning to the internet for help, we find that we are in a Bourne Shell. This shell was the predecessor to the bash shell which we have mainly used up to this point. The level description states that we need to escape. This must mean that we need to escape this shell to find the password.

We will once again turn to the internet for help. Further research finds that .sh shell scripts use exit codes. These are denoted using a $ along with a digit from 0-255. Multiple sources state the number 0 is used when a task has been completed successfully, thus returning a user back to the original shell. Let's try to type $0 into the prompt to see if it will help us exit:

returning to bash shell

The $ shows that we successfully exited to a bash shell! Now that we can use the commands we are used to, use ls to list any files.
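Why $0 gets past the uppercase shell, shown as an added example that is not part of the original walkthrough: it assumes the wrapper uppercases each line and hands it to `sh -c` (the real uppershell binary is not shown on this page), and the function names upper_filter, survives_filter and upper_run are hypothetical. The shell's $0 parameter expands to the name the shell was invoked with, and because the input contains no letters the filter leaves it unchanged.

```shell
#!/bin/sh
# Constructed model of the level's wrapper (assumption: it uppercases each
# input line and passes the result to `sh -c`; the real binary is not shown).

# Apply the wrapper's filter: lowercase letters become uppercase.
upper_filter() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# Succeeds when the filter leaves the line byte-for-byte unchanged.
survives_filter() {
    [ "$(upper_filter "$1")" = "$1" ]
}

# Run one input line the way the modelled wrapper would.
# stdin is passed through to whatever the filtered line starts.
upper_run() {
    sh -c "$(upper_filter "$1")" 2>&1
}

# An ordinary command is rewritten before sh sees it, so lookup fails.
printf 'filtered: %s\n' "$(upper_filter 'ls -la')"
upper_run 'ls -la' </dev/null || printf 'exit status: %s\n' "$?"

# `$0` has no letters, so the filter passes it through. sh then expands it
# to its own invocation name ("sh") and runs that, i.e. a new, unfiltered
# shell. The lowercase command fed on stdin shows it is no longer filtered.
printf 'echo reached-plain-sh\n' | upper_run '$0'
```

The filter acts on the text of the line, while parameter expansion happens later inside sh, which is why checking the raw input is not enough to confine the user.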

output of ls showing uppershell file

We see the file that put us into the Bourne Shell. Using cat on it, we see a good amount of gibberish. Let's see the file's type by using file uppershell.

file-type of uppershell

The file output says setuid. Remembering back to previous levels, this type of file allowed us to have escalated privileges. If we run the file, we will return to the other shell. Instead, let's just use cat on the file where previous passwords have been stored.

password to bandit33

We've located the password to the final level! Close out of your ssh client and reopen one before moving on.

Password: c9c3199ddf4121b10cf581a98d51caee