OverTheWire Bandit: Level 31 → Level 32

Context

We have connected to Level 31. The goal describes another git repository. This time, however, we aren’t just reading data; we have to upload something.

Solution

Step 1: Clone the Repo

Clone the repository from your local machine (due to the localhost block):

git clone ssh://bandit31-git@bandit.labs.overthewire.org:2220/home/bandit31-git/repo
cd repo

(Password from Level 30)

Step 2: Read Instructions

There is a README.md file. Let’s read it:

cat README.md

It tells us:

“This time your task is to push a file to the remote repository… The file name has to be key.txt and the content ‘May I come in?’.”

Step 3: Create the File

Let’s create the file exactly as requested:

echo 'May I come in?' > key.txt

Step 4: The Obstacle (.gitignore)

Now try to add the file to git:

git add key.txt
# Output:
# The following paths are ignored by one of your .gitignore files:
# key.txt
# Use -f if you really want to add them.

There is a .gitignore file in the repository that tells git to ignore .txt files.

Step 5: Force Add

We can bypass this rule using the -f (force) flag:

git add -f key.txt

Step 6: Commit and Push

Now commit the file and push it back to the server:

git commit -m "Add key.txt"
git push

When you push, the remote server runs a script (a “hook”) that checks your file. If it’s correct, it will print the password for bandit32 in the terminal output!

Key Takeaways

1. .gitignore: A file that tells Git which files or directories to ignore (like build artifacts, logs, or temporary files).
2. git add -f: The command to forcibly stage a file even if it matches a pattern in .gitignore.
3. Git Hooks: Scripts that run automatically on git events (like pre-push or post-receive). In this level, the server used a hook to validate our push and give us the flag.