 What's up everybody? My name is John Hammond and welcome to the final video in the Over the Wire Bandit War Games video series of the walkthroughs I've been doing here. So here we are This should be the very last video because this is the last level that's fully been made for Bandit We're on level 25. We just got the password in the last video It's stored in this file here for us so we can use our SSH pass with the correct user correct port and we are in and The prompt here says logging into Bandit 26 from Bandit 25 should be fairly easy The shell for the user Bandit 26 is not bin bash, but something else find out what it is how it works and how to break out of it Okay Well, what have we got here in our home directory? Well, okay, geez I guess we just see an SSH key for Bandit 26 at least supposedly and it is all right This is another RSA private key or just a file we can use to authenticate with SSH without a password We can just use tack I to specify it I used tab to autocomplete there and we can just say Bandit 26 at Bandit.labs.co I guess let's just let's just use localhost right because this is just ourself We may not have the domain name and stuff set on this box. So Bandit 26 at localhost I hit enter here. Yep. Go ahead and accept the fingerprint and Connection to localhost is closed It gives us this nice ASCII art of Bandit 26, but we don't actually get a shell We're still Bandit 25. You can see our user down here. So What the heck's going on? Well, okay, the prompt told us here the shell for the user Bandit 26 is not bin bash So it's not bash or the show that we're used to but it's something else Find out what it is how it works and how to break out of it So how can we find out what it is? Well, we can check in the password file the etc password file pass Wd and this will show this is it almost on every single Linux computer literally every single Linux computer I've seen this has to be okay. Yeah, I'm just gonna go say all Linux computers This is where the files File file stores And information of the users that are on the system. It is a file that stores the information on the user in the system So you'll get a listing separated by colons of every single user that's on this box So we can see Bandit all the levels that we've accomplished one two three all the way up to where we are now level 25 in Bandit 26 X is where they'd have the password stored but since it's marked with an X it's stored and it's at Rashado gives us the user ID number it gives us And their name like their nickname their home directory and the shell that they operate in so you can see all of these users Kind of have been bashed by default. So they are real users But bandit 26 the level that we're trying to get to has a different entry for the shell It's called a user bin show text, huh? That's not been bashed. So what is that? Let's just run file on that and Oh, it's a shell script. Okay. It's just probably bash. Can we see what that thing is? Let's cat that file out and this is a not a bash script, but just sh. So, okay, so the shell script Sets up a terminal runs the more command on text whatever This must be the banner that we saw that must be the ASCII bandit 26 logo that we saw earlier and then just straight up exits Okay, geez Huh More Have you guys seen that before? Man more more is a lot like less, right? It's more is Not less. It doesn't let you move up. Really. It just lets you buffer Output and just kind of iterate or move through it with just the enter command at least from what I've seen But The catch here is that it more since it buffers it may let you run commands We can Do things with it when it's actually buffering the output we can see in this man page or this information we can actually Execute a command in a sub shell Nice, okay with with an exclamation point or a colon exclamation point So we just need to get more to Buffer buffer the output or whatever is trying to display actually so it will hold at this kind of You see this cursor down at the very bottom That's letting us scroll and move up and down through the buffered output or what it's trying to display on the screen Looks like that bandit 26 banner was pretty small, but if we blow that up we might be able to get it To buffer for us like if I were to run more on a set of password that obviously took up more space in the screen Yeah, so you can see now. I've got this cursor more down here and I can use enter to move through it But if I hit the exclamation point I can run commands in a sub shell just like it had us do Just like it said in the man page I can run who am I and I can get bandit 25. I can Let's run this again exclamation point. Let's cat etc. Bandit pass bandits 25 and There's our password. So if the bandit 26 user is just running this more command Maybe we have to catch it so that it will be able to display that banner in a big enough way So that it'll or maybe a small enough screen so it'll be caught and we'll have to buffer that Let's create a new Terminal window for this make this huge right I'll widen the screen out and And Let's clear this so I just have in the center here Let's get into the folder. We have our bandit 25 password in steal this and Now SSH Bandit 25 at bandit labs dot over the wire org Make sure you have the correct port here to to to zero Paste the password in so we make our connection great now. Let's make this a little bit bigger again. Just for safe keeping that's SSH tack I with the sub key or the private key and We want bandit 26 at local host now when we hit enter. Yes Okay, that's still a Little too big or too small. So let's run this now I get yes again. Okay, cool I just I'm using control shift plus to make the text bigger You could make it really really small window if you wanted to just shrink it down But once you get more to actually buffer and you don't get to see all the text now You can use that exclamation point and do things like Run cat, etc Bandit pass Bandit 26 Now it didn't look like it displayed because it's just a little too big if I enter Nothing's going on Why didn't that happen? Work please Bandit 26 It's just not showing it to us Why is that? Let's try that one more time. Okay? Let's try and run bash Nothing geez now that's still too big here That's not buffering the way we want it to Yes Can I run forward slash been forward slash bash? Still no, can I run colon? No, it didn't let me Been cat etc bandit pass Bandit 26 It just not does not want to display this and I don't know why Well, okay Let's try and move on from that. Maybe there is more we can do More we can do with more Didn't mean to lead you down that wrong path didn't mean to lead you astray here Checking out the man pages. Oh Open up an editor Okay at the the line that it's looking at. Okay, so if it buffers we can still get maybe like oh the text editor like vim or vi to Open up and then we might be able to switch folders or switch the file that we're looking at to Do something more like open other files Let's try that. Yes. I'm good with that. So more is working now. I can hit V Okay, cool. It looks like we are in Vim or vi Now I don't need my screen to be so huge but it helps Okay, so we're in edit mode, but I can hit colon or semi-colon or yeah colon shift semi-colon to get the colon and are in Vim will let you oh boy, oh Gosh, or should let you open up a another Read another file. So let's try and read that bandit pass bandit 24 Sorry bandit 26 What's going on? Let's try this all over again. I'm trying to quit I'm doing a bad job guys. I'm sorry Bandits 26 Changing your read-only file a swap files being opened. Yeah, that's fine. I'm trying to hit one I gotta zoom this out see if it'll tell me anything anything. I don't know oh Okay There's the file We got it somehow I zoomed it out and it worked Let's uh, let's take note of that man. What a finish right and then I'll bend it 26 Place that in there What even happened? Q Let's try that one more time Well, I'm bandit 25s password if I'm gonna do it. Just like that. Let's make sure that actually works So you guys are good to go what we did was We used the private key to SSH into Bandit 26 at local host and more When we got it to buffer, let's just make it really small window here When we got more to buffer we hit R. Oh, no V V to get into them and then colon R to read etc Bandit pass Bandit 26 so I now at this point made this bigger so I can read this and Okay Another file may be adding the same thing To deal with this just hit enter okay nice and it reads it just like that and you can ignore whatever Whatever warning that was with the swap file or another user being able to read this so there we go. That's it That's how okay cool. We finally read the password for Bandit 26 and now we should be done Cuz there is no 26 to 27 That's it guys We did it Check it out Bandit 26 and that is the end of Bandit the introductory Wargame for over the wire So we went through a lot some simple stuff some easy stuff some hard stuff some stuff that Shouldn't have been hard, but I just kept screwing up And I hope you had a good time with it. I hope you I hope you enjoyed I there is obviously a ton of write-ups and solutions and guides all over the internet on over the wire and there are even tons of YouTube videos that do This exact same thing, but hope you guys had fun with this one Hope you enjoyed whatever character or personality I bring to the table, and I hope I didn't move too fast for you Or even too slow in some cases Anyway, I hope you enjoyed these videos, and I hope to be making more of them I'll try and do more war games with over the wire, and I'll try and do other things that are CTF like and cyber security like computer science like so If you like the series again, this is where I can do the shameless plugs with the very end of it all I hope you don't mind. Hey, whatever like comment subscribe all those stupid flashy words that helps youtubers make money, so Thanks guys. I'll see you later