Level 29

Log in to the server as bandit29 and the password.

There is a git repository at ssh://bandit29-git@localhost/home/bandit29-git/repo. The password for the user bandit29-git is the same as for the user bandit29.

I do the same spiel again, cloning the repository.

bandit29@bandit:/tmp/tmp.fXeAddNKnj$ cd repo/
bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ ls
README.md
bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: <no passwords in production!>

bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ git log
commit 84abedc104bbc0c65cb9eb74eb1d3057753e70f8
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    fix username

commit 9b19e7d8c1aadf4edcc5b15ba8107329ad6c5650
Author: Ben Dover <noone@overthewire.org>
Date:   Tue Oct 16 14:00:41 2018 +0200

    initial commit of README.md

This time the password is nowhere to be found. There is a reference about production, so my assumption is that another branch might contain the password.

bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ git branch -a
* master
  remotes/origin/HEAD -> origin/master
  remotes/origin/dev
  remotes/origin/master
  remotes/origin/sploits-dev
bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$

Bingo, there are other branches. I checkout the dev branch.

bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ git checkout dev
Switched to branch 'dev'
Your branch is up-to-date with 'origin/dev'.
bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ ls
code  README.md
bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$ cat README.md
# Bandit Notes
Some notes for bandit30 of bandit.

## credentials

- username: bandit30
- password: 5b90576bedb2cc04c86a9e924ce42faf

bandit29@bandit:/tmp/tmp.fXeAddNKnj/repo$

And there it is.