
OverTheWire Bandit: Level 28 → Level 29

Technical Note

Context

We have cloned the repository using the password from the previous level. However, when we look for the password in the README.md file, we notice something strange:

cat README.md
# Output:
# (Empty or generic text, but no password)

The instructions imply the password was here but has been removed. This means we need to look into the Git History.

Solution

Step 1: Clone the Repo

If you haven’t already, clone the repository. Remember, if localhost is blocked, do this from your local machine:

git clone ssh://bandit28-git@bandit.labs.overthewire.org:2220/home/bandit28-git/repo

(Password from Level 27)

Step 2: Check the Logs

Enter the repository directory and check the commit history:

cd repo
git log

You will see a list of commits. Look for something suspicious in the commit messages, like “fix info leak”, “remove password”, or “add credentials”.

You might see output like this:

commit 4b3d...
Author: ...
Date: ...
    fix info leak

commit 9d2a...
Author: ...
Date: ...
    add credentials

Step 3: Travel Back in Time

We want to see what changed in that specific commit (where the leak was “fixed”). We can use git show to see the difference (diff) introduced by a commit.

git show <COMMIT_HASH>
# Example: git show 4b3d

Alternatively, you could check out the previous commit to revert the files to that state:

git checkout <COMMIT_HASH_OF_ADD_CREDENTIALS>
cat README.md

Using git show is usually faster. In the diff output, lines starting with - (red) are what was removed. You should see the password there!

Key Takeaways

  1. Git Log: git log shows the commit history of a repository, newest commit first.
  2. Git Show: git show <commit> displays the details of a specific commit, including the “diff” (what changed).
  3. Security Lesson: Never commit secrets (passwords, API keys) to version control. Even if you “delete” them in a later commit, they remain in the history forever unless you rewrite the entire history.
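
The same diff-reading idea can be turned into a check for your own repositories. The function below is an added example, not part of the original walkthrough: it reads git log -p output and lists removed lines that still look like credentials. The function names, the keyword list and the embedded sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: find credential-looking lines that a later commit removed.
# Reads `git log -p` output on stdin; prints commit, file and removed line.
# The keyword list is an assumption; tune it for your own repositories.
removed_secret_lines() {
    awk '
        /^commit [0-9a-f]+/       { commit = $2; in_hunk = 0; next }
        /^diff --git /            { in_hunk = 0; next }
        !in_hunk && /^--- /       { file = substr($0, 7); next }  # "--- a/<path>"
        !in_hunk && /^[+][+][+] / { next }
        /^@@ /                    { in_hunk = 1; next }
        in_hunk && /^-/ {
            line = substr($0, 2)
            if (tolower(line) ~ /(password|passwd|secret|token|api[_-]?key)/)
                printf "%s\t%s\t%s\n", substr(commit, 1, 7), file, line
        }
    '
}

# Constructed sample of `git log -p` output (hashes and values are made up).
sample_log() {
    cat <<'EOF'
commit 2222222222222222222222222222222222222222
Author: Example <example@example.invalid>
Date:   Thu Jan 1 00:00:02 2026 +0000

    fix info leak

diff --git a/README.md b/README.md
index 1111111..2222222 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
 # Demo notes
 - username: demo
-- password: EXAMPLE-NOT-A-REAL-PASSWORD
+- password: xxxxxxxxxx
EOF
}

# Real use, inside a clone:  git log -p --all | removed_secret_lines
sample_log | removed_secret_lines
```

Any hit means the value is still readable with git show, so treat it as exposed and rotate it.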