Login

  • ssh : ssh bandit19@bandit.labs.overthewire.org -p 2220
  • password : cGWpMaKXVwDUNgPAVJbWYuGHVn9zl3j8

Task :

  • To get the next level's password, you have to figure out how to use the given setuid binary.

Theory

  • In Linux you can always see the permissions of a file with the command ls -l. The common form is -rwxrwxrwx, where
    • r is for reading
    • w is for writing
    • x is for executing
  • The three rwx groups describe the permissions of the owner, of users in the same group, and of all other users.
  • suid (setuid) is a special permission shown as an s in place of the owner's x. It lets you run the file with the same permissions as its owner: the process gets the owner's effective user id.

Solution

  • I first ran the given file without arguments, ./bandit20-do, to see how to use it.
  • Then ./bandit20-do, and I got a list of options I can use:
uid=11019(bandit19) gid=11019(bandit19) euid=11020(bandit20) groups=11019(bandit19)

I noticed that the euid (effective user id) is the id of bandit20. That means this file will let us use files that bandit20 can use, so I just needed to get the user's password from /etc/bandit_pass/bandit20:

./bandit20-do cat /etc/bandit_pass/bandit20
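
The permission string from the Theory section and the uid/euid pair seen in the output above can be checked from code when auditing a system for setuid files. The following is an added example, not part of the original write-up; the function names mode_string and is_effective_setuid are hypothetical, and the file paths are whatever you pass on the command line.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Render the mode bits the way `ls -l` does (10 chars + NUL) into out. */
const char *mode_string(mode_t mode, char out[11]) {
    static const char rwx[] = "rwxrwxrwx";
    out[0] = S_ISDIR(mode) ? 'd' : '-';
    for (int i = 0; i < 9; i++)
        out[i + 1] = (mode & (0400 >> i)) ? rwx[i] : '-';
    /* Special bits replace the x slot: lowercase when x is also set,
     * uppercase when the special bit is set without the execute bit. */
    if (mode & S_ISUID) out[3] = (mode & S_IXUSR) ? 's' : 'S';
    if (mode & S_ISGID) out[6] = (mode & S_IXGRP) ? 's' : 'S';
    if (mode & S_ISVTX) out[9] = (mode & S_IXOTH) ? 't' : 'T';
    out[10] = '\0';
    return out;
}

/* 1 when someone can execute the file and get the owner's effective UID.
 * stat() cannot see mount options: on a nosuid mount the kernel ignores
 * the bit even though it is still reported here. */
int is_effective_setuid(mode_t mode) {
    return (mode & S_ISUID) && (mode & (S_IXUSR | S_IXGRP | S_IXOTH));
}

int main(int argc, char **argv) {
    char buf[11];
    /* Real vs effective UID of this process, the same pair `id` prints. */
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    for (int i = 1; i < argc; i++) {
        struct stat st;
        if (stat(argv[i], &st) != 0) { perror(argv[i]); continue; }
        printf("%s owner=%d %s%s\n", mode_string(st.st_mode, buf),
               (int)st.st_uid, argv[i],
               is_effective_setuid(st.st_mode) ? "  [runs as owner]" : "");
    }
    return 0;
}
```

Run it with one or more file paths as arguments; a line tagged [runs as owner] is a file whose owner's privileges are handed to whoever is allowed to execute it.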