Bandit Level 18
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
Commands you may need to solve this level
ssh, ls, cat
Helpful Reading Material
This is a cool one. As soon as I tried to log in I was logged out. This is because
.bashrc is sourced as soon as the shell is opened which in this case has been configured to exit the connection. In other words the pseudo-terminal(
pty) is closed. Note that
ssh uses a pseudo-terminal(
pty) and not a text-terminal(
So I needed to force a pseudo-terminal to open. This can be done with the
-t flag while
ssh -t email@example.com /bin/sh
/bin/sh is the shell I used in my
So now I have a shell I could use to interact with the server. A simple
cat readme gives us the password for the next level.
Note that we didn’t get all the welcome information we used to get in normal
sshes since the normal commands didn’t get executed this time, rather it forced open the
pty I ordered.
There is another way to do it. The
-T flag disables pseudo-terminal allocation. This prevent the sourcing of
.bashrc file. We get just the shell without the terminal and then I used
cat readme to get the password.
ssh -T firstname.lastname@example.org
Level 19 password: Follow @CodeMaxx
Bandit Level 17