Bandit Level 31 Walkthrough
Level 30 ➔ Level 31: Discovering Secrets in Git Tags
1. My Objective
I am currently logged in as bandit30. My goal is to find the password for Level 31. I am given a new Git repository URL: ssh://bandit30-git@bandit.labs.overthewire.org/home/bandit30-git/repo. After cloning it, I find that the files are empty and the commit history doesn't seem to contain any obvious secrets. I need to dig into a different part of Git's architecture: Tags.
The Hidden Layer: Git doesn't just track files and branches. It also allows developers to put "Bookmarks" on specific points in history. These are called Tags. Sometimes, a tag points to a version of the code that was supposed to be deleted or kept private.
2. The Feynman Explanation: The Photo Album Bookmarks
How can a secret exist in a project if it's not in the files or the main timeline? Think of Git as a massive photo album.
The Post-it Note Analogy:
Imagine I have a photo album (the Repository). Each photo is a change I made to the code. If you flip through the pages (the History/Log), you see everything I did.
Now, imagine I take a bright yellow Post-it Note and stick it on the edge of a specific page. On that note, I write "Secret" or "Version 1.0." This is a Tag.
Even if I keep adding new photos to the end of the album, that Post-it Note stays exactly where I put it. If you only look at the most recent photo, you won't see the secret. You have to look at the side of the album to see if there are any Post-it Notes (tags) sticking out, and then jump directly to the page they are marking. Tags are static references to specific moments in time that might contain data no longer present in the "current" version.
3. Practical Solution
I will clone the repo into /tmp and then check for any available tags that might be hiding the password.
# Step 1: Clone the repository
bandit30@bandit:~$ mkdir /tmp/pritom_tags
bandit30@bandit:~$ cd /tmp/pritom_tags
bandit30@bandit:/tmp/pritom_tags$ git clone ssh://bandit30-git@bandit.labs.overthewire.org:2220/home/bandit30-git/repo
bandit30@bandit:/tmp/pritom_tags$ cd repo
# Step 2: Check the files (usually empty or generic)
bandit30@bandit:/tmp/pritom_tags/repo$ cat README.md
just an empty file...
# Step 3: List all tags in the repository
bandit30@bandit:/tmp/pritom_tags/repo$ git tag
secret
# Step 4: Inspect the content of the 'secret' tag
bandit30@bandit:/tmp/pritom_tags/repo$ git show secret
O96Ng6pE6vSAr4S019SAb36906sV... (Password Revealed!)
Why did git show secret work?
The git tag command revealed that a tag named "secret" exists. By running git show [tagname], I am telling Git: "Show me the object this tag points to, exactly as it was recorded when the tag was created." Since the password was likely stored in a file that was later deleted, the tag captured a 'snapshot' of that file before it vanished from the master branch.
🚀 My Pro Tips: Mastering Git Tags
✨ Annotated vs. Lightweight Tags
Git has two types of tags. Lightweight tags are just pointers to a commit. Annotated tags (like the one here) are stored as full objects in the Git database; they can have a message, a date, and a tagger name. I use git tag -n to see the messages attached to tags.
⭐ Moving to a Tag
If a tag points to a whole different version of the project, I don't just "show" it. I can physically move my folder to that state using:
git checkout secret
This will change all the files in my directory to match how they looked when the tag was made.
🔍 Listing Remote Tags
Sometimes I don't even need to clone the repo to see the tags. I can use:
git ls-remote --tags origin
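This "asks" the server for a list of tags without downloading the entire project. Here origin is the remote name inside an existing clone; when I have not cloned anything yet, I pass the repository URL in its place.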
4. Why this matters
In the real world, developers use tags to mark releases (like v1.0.4-stable). However, sometimes they use them for debugging, like tagging a version of the code that still has "test credentials" or "hardcoded API keys" before they clean it up for the final release. As a security professional, I always check the tags of a repository because they often represent "unpolished" versions of the project where secrets might have been left behind.
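An added example, not part of the original walkthrough: a small shell audit for a repository you own. It lists each tag, says whether it is lightweight or annotated, and flags tags that point directly at a blob or at a commit no branch contains. The function names, the demo repository and its placeholder values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Names and values are constructed.

# audit_tags <repo>: print "<tag> <lightweight|annotated> <finding>" per tag.
audit_tags() (
  repo=$1
  git -C "$repo" for-each-ref \
      --format='%(refname:short) %(objecttype) %(*objecttype)' refs/tags |
  while read -r name type peeled; do
    kind=lightweight
    # An annotated tag is its own object; %(*objecttype) is what it wraps.
    if [ "$type" = tag ]; then kind=annotated; type=$peeled; fi
    if [ "$type" != commit ]; then
      # Tag sits directly on a blob/tree: content that is in no commit at all.
      echo "$name $kind points-at-$type"
    elif [ -z "$(git -C "$repo" for-each-ref \
           --contains "refs/tags/$name^{commit}" refs/heads refs/remotes)" ]; then
      # Commit is kept alive only by the tag; git log on branches never shows it.
      echo "$name $kind commit-not-on-any-branch"
    else
      echo "$name $kind ok"
    fi
  done
)

# make_demo_repo <dir>: constructed sample repository with four tags.
make_demo_repo() (
  dir=$1
  git init -q "$dir"
  g() { git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
  echo "just an empty file..." > "$dir/README.md"
  g add README.md && g commit -q -m "initial commit"
  g tag v1.0                               # lightweight, on the branch
  g tag -a v1.1 -m "annotated release"     # annotated, on the branch
  echo "api_key=PLACEHOLDER" > "$dir/debug.cfg"
  g add debug.cfg && g commit -q -m "debug build"
  g tag debug-build                        # lightweight, about to be orphaned
  g reset -q --hard HEAD~1                 # "clean up": branch forgets the commit
  blob=$(printf 'PLACEHOLDER-NOT-A-REAL-SECRET\n' | g hash-object -w --stdin)
  g tag secret "$blob"                     # tag pointing straight at a blob
)

demo=$(mktemp -d) && make_demo_repo "$demo/repo" && audit_tags "$demo/repo"
rm -rf "$demo"
```

Run audit_tags against a local clone before publishing a repository; any tag that is not reported as ok deserves a look with git show.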
Tag Deciphered!
I've successfully extracted the password from the Git metadata. I'll save this and move on to Level 31 ➔ Level 32, where I'll learn how to push changes back to a remote repository!