Hey, what's up guys? This is John Hammond, and I'm looking at Bandit from OverTheWire, which is weird because we pretty much finished that. But as I found out yesterday while I was doing a live stream for the first time, that was pretty crazy cool. A few people noted and let me know that there are new levels that have just been added to Bandit. So they're all Git-oriented and I want to showcase them because we were able to run through them. Myself, another individual that we opened up a Discord server that I'll give you some more information at later in the video. But I want to showcase these challenges because they're pretty neat.

So we've got to review back to where we were at level 26. If I go ahead and connect to it, remember this would just print out a certain banner because there is no real shell for this user bandit26, but they give you this thing that we would actually go through because it's being run through the more command as we saw in another script there. So if I actually just use Terminator to shrink the size of this, we can get eventually that banner to be paginated or buffered so we can enter Vim with the v key. And then like we did before, we can like edit a file, right? So we would want to use colon and then e to edit another file. We could go into /etc/bandit_pass and we would want bandit27, but it wouldn't let us read that. So as we had done before, we were able to read /etc/bandit_pass/bandit26 and that works just fine for us. But that's the password that we have to this current level, right? Like if I were to check that out, that's what we already know.

So what else can we do here? Well, we can get a full on shell. So if I were to run shell, that doesn't do anything for us. It puts us back in whatever Vim editor that we were in because it looks like it's still trying to run the more command because remember that is the shell for this user. So we have to set the shell to something else. And we can do that in Vim, right?
We can set shell to equal /bin/bash. Now when we run shell, cool, we've got a prompt and we are in that bandit user. So if I ls, check out what we have here, we have text.txt, which is the big banner that we saw. We also have this other file that looks like a setuid binary. Yep. bandit27-do, owned by bandit27. So if we just run that, it looks like it will do whatever we want. It can just do id. Perfect. Let's get the password. Let's cat out /etc/bandit_pass/bandit27. And there we go. Now we've got the password for Bandit 27. Let's take note of that. Bandit 27. Cool. I've got it set up here because I've been trying to run through these already. And now let's break out of the shell. They have to quit a few good times.

But now we can switch over to Bandit 27. Once we are connected, we can ls, but there's nothing here. So I want to check out the prompt for this on the website. It says get a shell for this, 26, that we did. Check out 27: a Git repository at this location, which we can clone. And it's using the exact same password as the bandit27 user. Okay, so let's make a home for us to work in, in a temporary directory. I'm gonna have to use a couple of these because I've already been working. So it doesn't matter where you put yourself, but as long as you have a place to work. And let's git clone this guy, paste that in. Yes, that's fine. We will need to know the password. So let's check out that for Bandit 27. I'll throw that in my clipboard, paste it in. Cool. And now we have a new folder here called repo. So let's change directory into repo. ls, there's a README file, which we can cat out. And okay, it just straight up gives us the password for the next level. Pretty, pretty easy, pretty simple.

I guess that one was just trying to explain how we can git clone. So if you haven't used Git before, I can do a whole another like video series on this stuff if I particularly if you need me to. But it's awesome.
And it is a free and open source control system version control system that will essentially allow you to like keep track of the code that you write, no matter what version you're on, it'll keep track of your history, the changes that you make, et cetera, et cetera. So it also kind of houses your application, puts it in a repository, essentially a special folder that can do lots of cool things. And you can keep track of other different renditions of it between a different branch. There are all the changes can be noted with a specific message like a commit message, et cetera, et cetera.

So let's take keep track of Bandit 28. Perfect. We've got that. And once we disconnect, we can go try the next one, Bandit level 28. Looks like it's just a different name here, but that's just fine. We'll switch over to Bandit 28 now. Once we are connected, still no repository. So let's make a new directory for us to work in. Git clone. Yes. Let's cat out. We're on Bandit 28 now. Yep. Throw that into our clipboard. And now we have that new repository that we can check out. And let's see what that file is. Okay, looks like it's trying to hide out the password for the next level.

So let's do what we can do in Git and just get a log of the previous changes. git log. We can see, oh, okay, there was the initial commit. It says add missing data. That initial commit is noted by that Git SHA-1 identifier, just that hash. Same thing with add missing data, fixed info leak. So this must be the most recent message that we are on, right? So if we want to check out the missing data, maybe that has the password. So if we wanted to, we can take that SHA-1 identifier and git show that one. Okay, cool. So you can see it removed the minus minus in red here. It removed the password to be determined it used to have. And it added this password here. So that must be the password for Bandit 29. Sweet, let's take note of that, Bandit 29.
We're just cruising through these because it gets pretty neat, pretty cool, pretty simple. Let's call it quits for now. Well, let's just verify that that is the password for Bandit 29 because I don't want this video to get too, too long.

I do still want to give a little shout out to my supporters, the people that love me on Patreon. And I want to point out the Discord server, which is super duper cool. It is slowly growing. We have a decent amount of people that are usually all online and some offline individuals, but LiveOverflow came and joined. So totally a shout out to him. He's super awesome. There's been a lot of really cool conversations, a lot about Hack The Box, OverTheWire, some other war games and like practice stuff between picoCTF, et cetera, other ideas for the YouTube channel. So if you want a small community of programmers and hackers, like come hang out, I'll put the link in the description, but it's awesome. Totally just jam with us. That was a product of the live stream that I was doing. And I hope to do more live streams in the future. I might try and do them every weekend or every other weekend. So, but it also will just come at random. If you want to know more or have more conversations with me about what's happening when, like hang out on the Discord. It'll be really, really cool.

All right, some love to the people that love me on Patreon. I cannot say thank you enough. And I do this every time at the end of every video because it's the least that I can do. Thank you so, so much for your support and your donations. It's just incredible and surreal to me to see that there are some people willing to, like take out their credit card and, you know, go on this, don't go on this journey with me, do this adventure through the internet, through YouTube, with me. So I'm grateful for that. Hey, $1 a month on Patreon will give you this special shout out at the end of every single video.
$5 a month on Patreon will give you early access to all of my videos that I release on YouTube. And we might do some new stuff now that we've got the Discord server and see what other, other stuff we can do for other cool incentives.

But hey, if you did like this video, please do press that like button. Maybe leave me a comment if you're willing. Maybe subscribe. I would appreciate it. If you wanna check me out on Discord, certainly can, link in the description. My Patreon account, please support me for a little bit. And I've got a new website, www.johnhammond.org, that hopefully it'll fill with content soon. But it's kind of in the works right now. So, sweet, see you soon, next video. We'll finish up Bandit on these new levels.
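
The Bandit 28 step above works because a later commit that masks a value does not remove it from history. As an added example (not part of the video), this Python sketch audits `git log -p` output for credential-like values that still sit in old patches; the sample log, its hashes, the username and the secret are constructed, and the keyword list is an assumption.

```python
import re

# Constructed, abbreviated `git log -p` output (hashes and secret are made up):
# a value is added in one commit and masked by a later "fix" commit.
SAMPLE_LOG = """\
commit 3333333333333333333333333333333333333333
    fixed info leak
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -3,2 +3,2 @@
 - username: example-user
-- password: CONSTRUCTED-EXAMPLE-SECRET
+- password: xxxxxxxxxx
commit 2222222222222222222222222222222222222222
    add missing data
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -3,2 +3,2 @@
 - username: example-user
-- password: <TBD>
+- password: CONSTRUCTED-EXAMPLE-SECRET
"""

CRED = re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[:=]\s*(\S+)")
PLACEHOLDER = re.compile(r"^(?:x+|\*+|<[^>]*>)$", re.I)  # masked or unset values

def find_history_secrets(log_text):
    """Return (commit, file, '+' or '-', value) for credential-like patch lines."""
    findings, commit, path, in_hunk = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1][:7], False
        elif line.startswith("diff --git "):
            in_hunk = False  # file headers follow, not file content
        elif line.startswith("@@"):
            in_hunk = True   # from here on, +/- lines are real changes
        elif not in_hunk and line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif in_hunk and line[:1] in ("+", "-"):
            m = CRED.search(line[1:])
            if m and not PLACEHOLDER.match(m.group(1)):
                findings.append((commit, path, line[0], m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in find_history_secrets(SAMPLE_LOG):
        print(finding)
```

Any value this reports from a real repository's `git log -p --all` output should be treated as exposed and rotated, since overwriting it in a newer commit leaves the old patch readable.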