bandit 18... the bye bye! one
So, I had to ask for a hint on this one from discord. The person said: “you dont need any extra parameters for ssh command”
I misunderstood this level on a fundamental level. I thought the goal was to login so I could access the readme file for the password. This is not the goal. The goal is to get the password. Logging in is irrelevant. This was mistake one.
Having assumed that I had to log in meant that I interpreted the problem as a matter of “disabling the .bashrc” file so I went about on a wild google search reading about different approaches to doing this. It turns out that this is not an uncommon problem — interestingly. However, this was a mistake on my end to do so because it is skipping the step of what my tool (the level tells you to use ssh) was made to do. I looked up different ways of using ssh towards a specific purpose without understanding the tool's stated purpose.
Had I looked at the manual for ssh instead of assuming I already knew its usage(s), I would have found this description:
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine.
All I needed to do was read the readme via remote command execution. There was no need to go about disabling the .bashrc.
I've noticed that the levels that I get stuck on are from getting too attached to an initial idea and pursuing that instead of examining ALL my possibilities and experimenting. This almost happened in a previous level but I caught myself. Time to make it into an acronym like my 10DIME for algorithms.
How to problem-solve OTW/CTFs:
- GOAL: What is my goal?
- ASSUMPTIONS: Are there any procedural assumptions in my goal statement that limit how I can get to that goal or is it truly a goal?
- DESCRIBE: Describe my tools. If I can't describe their purpose with certainty, read the description SLOWLY. Not backwards. Not diagonally. SLOWLY.
- Try EVERYTHING!
GADE.
Next.
The solution was simply
ssh banditit18@bandit.labs.overthewire.org -p 2220 "less ~/readme"