{"id":719,"date":"2015-02-15T17:35:46","date_gmt":"2015-02-15T17:35:46","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=719"},"modified":"2020-12-12T19:25:46","modified_gmt":"2020-12-12T19:25:46","slug":"overthewire-bandit-19","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-bandit-19\/","title":{"rendered":"OvertheWire &#8211; Bandit 19"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;3.22&#8243;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text admin_label=&#8221;Text&#8221; _builder_version=&#8221;4.7.5&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;]<strong>Recap of Level 18: <\/strong>Linux file permissions, using private keys to logon to servers.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"http:\/\/overthewire.org\/wargames\/bandit\/bandit19.html\" target=\"_blank\" rel=\"noopener\"><strong>Bandit Level 19<\/strong><\/a><\/p>\n<h4><strong>Objective:<\/strong><\/h4>\n<p>Find the password to the next level<\/p>\n<h4><strong>Intel Given:<\/strong><\/h4>\n<ul>\n<li>The password for the next level is stored in a file <strong>readme<\/strong> in the home directory.<\/li>\n<li>Someone has modified <strong>.bashrc<\/strong> to log you out when you log in with SSH.<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h4><strong>How to:<\/strong><\/h4>\n<p>Some of you go getters may have already tried to log on to bandit18 and found yourself getting kicked out. That\u2019s not an unintentional error, like we gathered from our intel .bashrc has been modified to logout as soon as we login, effectively rendering us helpless. .bashrc is a part of our\u00a0 \u201cprofile\u201d on the remote server that tells the operating system things about our particular profile, such as home directory, preferred shell and text editor, and in our case runs a script that logs us off when we try to ssh in.<\/p>\n<p>Luckily there are ways to get the shell to ignore the startup script. Again this differs with the method of connecting. Let\u2019s start with putty first this time.<\/p>\n<p>The first thing we\u2019re going to do is load the previous session. You have been loading the previous sessions and not typing in the IP or URL everytime, right?<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"720\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-1\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?fit=466%2C449&amp;ssl=1\" data-orig-size=\"466,449\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.1\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?fit=300%2C289&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?fit=466%2C449&amp;ssl=1\" class=\" size-full wp-image-720 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?resize=466%2C449&#038;ssl=1\" alt=\"bandit19.1\" width=\"466\" height=\"449\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?w=466&amp;ssl=1 466w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?resize=300%2C289&amp;ssl=1 300w\" sizes=\"(max-width: 466px) 100vw, 466px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Next we\u2019re going to go to the SSH option under Connection. You may remember this from a few levels ago.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"721\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?fit=466%2C449&amp;ssl=1\" data-orig-size=\"466,449\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.2\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?fit=300%2C289&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?fit=466%2C449&amp;ssl=1\" class=\" size-full wp-image-721 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?resize=466%2C449&#038;ssl=1\" alt=\"bandit19.2\" width=\"466\" height=\"449\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?w=466&amp;ssl=1 466w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png?resize=300%2C289&amp;ssl=1 300w\" sizes=\"(max-width: 466px) 100vw, 466px\" \/><\/a><\/p>\n<p>Here we\u2019re going to enter the Remote command \/bin\/bash \u2013norc. \/bin\/bash is telling putty what shell to send the remote command and the option \u2013norc tells the terminal we\u2019re opening to ignore the .bashrc \u201cprofile\u201d file. And bypassing this doesn\u2019t initialize the script that logs us out. So now we\u2019re in!<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"722\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-3\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?fit=675%2C425&amp;ssl=1\" data-orig-size=\"675,425\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.3\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?fit=300%2C189&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?fit=675%2C425&amp;ssl=1\" class=\" size-full wp-image-722 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?resize=675%2C425&#038;ssl=1\" alt=\"bandit19.3\" width=\"675\" height=\"425\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?w=675&amp;ssl=1 675w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?resize=600%2C378&amp;ssl=1 600w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png?resize=300%2C189&amp;ssl=1 300w\" sizes=\"(max-width: 675px) 100vw, 675px\" \/><\/a>To achieve this on a unix system we will take the same approach as with Putty, we will just add a few arguments to our normal ssh command like so.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"723\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-4\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?fit=700%2C404&amp;ssl=1\" data-orig-size=\"700,404\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.4\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?fit=300%2C173&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?fit=700%2C404&amp;ssl=1\" class=\" size-full wp-image-723 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?resize=700%2C404&#038;ssl=1\" alt=\"bandit19.4\" width=\"700\" height=\"404\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?w=700&amp;ssl=1 700w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?resize=600%2C346&amp;ssl=1 600w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png?resize=300%2C173&amp;ssl=1 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/a><\/p>\n<p>The -t tells the host to run the remote command &#8211;norc from the shell bash, which is what we want in order to ignore the .bashrc file, and thus avoid getting logged out. You may notice that before the normal text usually the username, hostname, and present working directory before the $ has changed. Because we had to tell the shell to ignore the profile in order to get logged on we have lost some functionality, including not getting our customized command prompt. This is because what is in front of the $ is an environmental variable , which is user defined and most are user specific. The one that tells the shell what to display on the prompt is PS1. The way to change this is to simply enter the command<\/p>\n<p>$ PS1= \u201cHello World\u201d<\/p>\n<p>The PS1 command is very literal if we input the above, the command prompt will read Hello world like so.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"724\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-5\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png?fit=231%2C38&amp;ssl=1\" data-orig-size=\"231,38\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.5\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png?fit=231%2C38&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png?fit=231%2C38&amp;ssl=1\" class=\"aligncenter wp-image-724 size-full\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png?resize=231%2C38&#038;ssl=1\" alt=\"bandit19.5\" width=\"231\" height=\"38\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png?w=231&amp;ssl=1 231w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png?resize=230%2C38&amp;ssl=1 230w\" sizes=\"(max-width: 231px) 100vw, 231px\" \/><\/a>That\u2019s nice but I personally like the default settings that give us some information about our username, the host and the present working directory. So let\u2019s set it back to that. With \\u being the current user name, \\h being the current host and \\w being the present working directory, and the dollar sign because&#8230;well it\u2019s a classic.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"725\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-6\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png?fit=236%2C53&amp;ssl=1\" data-orig-size=\"236,53\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.6\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png?fit=236%2C53&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png?fit=236%2C53&amp;ssl=1\" class=\"aligncenter wp-image-725 size-full\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png?resize=236%2C53&#038;ssl=1\" alt=\"bandit19.6\" width=\"236\" height=\"53\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png?w=236&amp;ssl=1 236w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png?resize=230%2C53&amp;ssl=1 230w\" sizes=\"(max-width: 236px) 100vw, 236px\" \/><\/a>So now that we have our command prompt looking normal again let\u2019s see if we can find that file.<\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"726\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-19\/bandit19-7\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7-e1424021726612.png?fit=264%2C99&amp;ssl=1\" data-orig-size=\"264,99\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit19.7\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7-e1424021726612.png?fit=264%2C99&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7-e1424021726612.png?fit=264%2C99&amp;ssl=1\" class=\"aligncenter wp-image-726 size-full\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7-e1424021726612.png?resize=264%2C99&#038;ssl=1\" alt=\"bandit19.7\" width=\"264\" height=\"99\" \/><\/a>Well that was easy, comparatively.<\/p>\n<h4><strong>Conclusion:<\/strong><\/h4>\n<p>We learned about .bashrc, and how to start up without invoking it, and about environmental variables and changing the command prompt variable.<br \/>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; column_structure=&#8221;1_2,1_2&#8243;][et_pb_column _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; type=&#8221;1_2&#8243;][et_pb_image src=&#8221;https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Previous.png&#8221; _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; alt=&#8221;Previous Level&#8221; title_text=&#8221;Previous&#8221; url=&#8221;https:\/\/hackmethod.com\/overthewire-bandit-18&#8243; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][et_pb_column _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; type=&#8221;1_2&#8243;][et_pb_image src=&#8221;https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Next.png&#8221; _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; alt=&#8221;Next Level&#8221; title_text=&#8221;Next&#8221; url=&#8221;https:\/\/hackmethod.com\/overthewire-bandit-20&#8243; align=&#8221;right&#8221; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recap of Level 18: Linux file permissions, using private keys to logon to servers. &nbsp; Bandit Level 19 Objective: Find the password to the next level Intel Given: The password for the next level is stored in a file readme in the home directory. Someone has modified .bashrc to log you out when you log [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":720,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<strong><a href=\"https:\/\/www.hackmethod.com\/overthewire-bandit-18\/\" target=\"_blank\">Recap of Last\u00a0Lesson<\/a>:\u00a0<\/strong>Linux file permissions, using private keys to logon to servers\r\n\r\n<a href=\"http:\/\/overthewire.org\/wargames\/bandit\/bandit19.html\" target=\"_blank\"><strong>Bandit Level 19<\/strong><\/a>\r\n\r\n<strong>Objective<\/strong>\r\n\r\nFind the password to the next level\r\n\r\n<strong>Intel Given<\/strong>\r\n<ul>\r\n\t<li>The password for the next level is stored in a file <strong>readme<\/strong> in the home directory.<\/li>\r\n\t<li>Someone has modified <strong>.bashrc<\/strong> to log you out when you log in with SSH.<\/li>\r\n<\/ul>\r\n<!--more-->\r\n\r\n<strong>How to<\/strong>\r\n\r\nSome of you go getters may have already tried to log on to bandit18 and found yourself getting kicked out. That\u2019s not an unintentional error, like we gathered from our intel .bashrc has been modified to logout as soon as we login, effectively rendering us helpless. .bashrc is a part of our\u00a0 \u201cprofile\u201d on the remote server that tells the operating system things about our particular profile, such as home directory, preferred shell and text editor, and in our case runs a script that logs us off when we try to ssh in.\r\n\r\nLuckily there are ways to get the shell to ignore the startup script. Again this differs with the method of connecting. Let\u2019s start with putty first this time.\r\n\r\nThe first thing we\u2019re going to do is load the previous session. You have been loading the previous sessions and not typing in the IP or URL everytime, right?\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png\"><img class=\" size-full wp-image-720 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png\" alt=\"bandit19.1\" width=\"466\" height=\"449\" \/><\/a>\r\n\r\n&nbsp;\r\n\r\nNext we\u2019re going to go to the SSH option under Connection. You may remember this from a few levels ago.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png\"><img class=\" size-full wp-image-721 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.2.png\" alt=\"bandit19.2\" width=\"466\" height=\"449\" \/><\/a>\r\n\r\nHere we\u2019re going to enter the Remote command \/bin\/bash \u2013norc. \/bin\/bash is telling putty what shell to send the remote command and the option \u2013norc tells the terminal we\u2019re opening to ignore the .bashrc \u201cprofile\u201d file. And bypassing this doesn\u2019t initialize the script that logs us out. So now we\u2019re in!\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png\"><img class=\" size-full wp-image-722 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.3.png\" alt=\"bandit19.3\" width=\"675\" height=\"425\" \/><\/a>To achieve this on a unix system we will take the same approach as with Putty, we will just add a few arguments to our normal ssh command like so.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png\"><img class=\" size-full wp-image-723 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.4.png\" alt=\"bandit19.4\" width=\"700\" height=\"404\" \/><\/a>\r\n\r\nThe -t tells the host to run the remote command --norc from the shell bash, which is what we want in order to ignore the .bashrc file, and thus avoid getting logged out. You may notice that before the normal text usually the username, hostname, and present working directory before the $ has changed. Because we had to tell the shell to ignore the profile in order to get logged on we have lost some functionality, including not getting our customized command prompt. This is because what is in front of the $ is an environmental variable , which is user defined and most are user specific. The one that tells the shell what to display on the prompt is PS1. The way to change this is to simply enter the command\r\n\r\n$ PS1= \u201cHello World\u201d\r\n\r\nThe PS1 command is very literal if we input the above, the command prompt will read Hello world like so.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5.png\"><img class=\"aligncenter wp-image-724 size-full\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.5-e1424021645787.png\" alt=\"bandit19.5\" width=\"231\" height=\"38\" \/><\/a>That\u2019s nice but I personally like the default settings that give us some information about our username, the host and the present working directory. So let\u2019s set it back to that. With u being the current user name, h being the current host and w being the present working directory, and the dollar sign because...well it\u2019s a classic.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6.png\"><img class=\"aligncenter wp-image-725 size-full\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.6-e1424021688224.png\" alt=\"bandit19.6\" width=\"236\" height=\"53\" \/><\/a>So now that we have our command prompt looking normal again let\u2019s see if we can find that file.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7.png\"><img class=\"aligncenter wp-image-726 size-full\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.7-e1424021726612.png\" alt=\"bandit19.7\" width=\"264\" height=\"99\" \/><\/a>Well that was easy, comparatively.\r\n\r\n<strong>Conclusion<\/strong>\r\n\r\nWe learned about .bashrc, and how to start up without invoking it, and about environmental variables and changing the command prompt variable.","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[44],"tags":[43,45,46],"class_list":["post-719","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-overthewire","tag-bandit","tag-overthewire","tag-tutorials"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit19.1.png?fit=466%2C449&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-bB","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=719"}],"version-history":[{"count":8,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/719\/revisions"}],"predecessor-version":[{"id":27556,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/719\/revisions\/27556"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media\/720"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}