Exploring OverTheWire: Level 19 to Level 20 - Bandit Challenge

📆 · ⏳ 2 min read · ·

Introduction

As we continue our ascent in the Bandit Challenge, Level 20 ↗️ brings a new challenge in the form of a setuid binary. Our task is to execute this binary to access the password required for the next level.

Challenge Overview

💡

Level 20 challenges us to use a setuid binary located in the home directory to gain access to the password for the next level. Setuid binaries are executables that are set to run with the privileges of the file owner, allowing us to perform actions we wouldn’t typically have permission for.

Our goal is to execute the binary without arguments to uncover its functionality and retrieve the password.

Approach and Strategy

Follow these steps to successfully solve Level 20

Terminal window
ssh [email protected] -p 2220

Enter the password you obtained from the previous level.

Once logged in, locate the setuid binary using the ls command

Terminal window
ls -l

The binary will have the setuid permission displayed as an s in the file permissions field.

Terminal window
total 16
-rwsr-x--- 1 bandit20 bandit19 14876 Apr 23 18:04 bandit20-do

Execute the setuid binary without arguments to understand its functionality as suggested by the challenge.

Terminal window
./bandit20-do

This command will execute the setuid binary and display information about its usage.

Terminal window
Run a command as another user.
Example: ./bandit20-do id

Since we want to get the password for bandit20, we will execute the setuid binary to access the password by getting the file contents of the /etc/bandit_pass/bandit20 file.

Terminal window
./bandit20-do cat /etc/bandit_pass/bandit20

This command uses the setuid binary to read the password from the specified file.

The output of the command will display the password for the next level. Take note of it for the next level.

Notes

  • Setuid binaries allow execution with the privileges of the file owner. One good example is the passwd command, which allows users to change their passwords. This command is owned by the root user and has the setuid permission set, allowing users to change their passwords without having root privileges.

Conclusion

Congratulations on successfully completing Level 20 of the Bandit Challenge! By executing the setuid binary and utilizing its capabilities, we accessed the password for the next level.

Stay tuned for the next blog post, where we’ll take on Level 21 and continue our quest to become skilled cybersecurity practitioners.

You may also like

  • Exploring OverTheWire: Level 20 to Level 21 - Bandit Challenge

    Welcome back to our captivating journey through the Bandit Challenge! In this blog post, we're geared up to conquer Level 21, where a setuid binary introduces a novel challenge involving network connections. Join me as we delve into the mechanics of connecting to localhost, reading text, and successfully obtaining the password to proceed. Let's dive in!

  • Exploring OverTheWire: Level 18 to Level 19 - Bandit Challenge

    Welcome back to our riveting journey through the Bandit Challenge! In this blog post, we're set to conquer Level 19, where a password is concealed within a file. However, a clever twist awaits us—someone has tampered with the system to log us out during SSH login. Join me as we navigate through this challenge using commands like ssh, ls, and cat, all while devising strategies to overcome the unexpected hurdle. Let's dive in!

  • Exploring OverTheWire: Level 17 to Level 18 - Bandit Challenge

    Welcome back to our captivating journey through the Bandit Challenge! In this blog post, we're set to conquer Level 18, where our mission is to identify the password that has been changed between two files. Join me as we explore file comparisons, employ commands like cat, grep, and diff, and successfully uncover the password to progress further. Let's dive in!