📦 OverTheWire Bandit Level 28: Introduction to Git Repositories and SSH Cloning

Level 28 introduces Git repositories—version control systems that track changes to files. This level teaches you how to clone repositories over SSH, understand Git basics, and discover how version control systems can expose sensitive information if not properly secured.

Level 28 teaches you:

What Git is and how it works
Cloning repositories over SSH
Understanding repository structure
Reading Git repository contents
How version control can expose secrets

If you've made it this far, you understand file operations, scripting, and privilege escalation. Now you're learning about version control—a fundamental tool in software development that can also be a security concern.

🎯 The Objective

After logging into bandit27, your goal is to find the password for Level 28. There's a Git repository at ssh://bandit27-git@localhost/home/bandit27-git/repo. The password for the user bandit27-git is the same as for the user bandit27.

What Level 28 teaches:

Understanding Git repositories
Cloning repositories over SSH
Working with Git repositories
Finding information in repositories

The challenge: Clone the repository and find the password hidden somewhere in it.

🔍 Understanding the Problem

Let's start by connecting to Level 27:

sshpass -p `cat bandit27` ssh bandit27@bandit.labs.overthewire.org -p 2220

Once connected, let's check what's available:

ls -la

The problem: You need to clone a Git repository over SSH. The repository contains the password for Level 28, but you need to access it first.

🧠 What Is Git? Understanding Version Control

Here's what's happening: Git is a version control system that tracks changes to files over time.

How Git Works

Git is a distributed version control system that:

Tracks file changes
Maintains history
Allows collaboration
Stores metadata about changes

Why Git exists:

Track changes to code
Collaborate on projects
Maintain history
Branch and merge code
Backup code

Common Git operations:

clone — Copy a repository
add — Stage changes
commit — Save changes
push — Upload changes
pull — Download changes

Understanding Git Repositories

A Git repository contains:

Files — The actual code/content
History — All previous versions
Metadata — Information about changes
Branches — Different versions of the code

Repository structure:

.git/ — Git metadata (hidden directory)
README.md — Usually contains project info
Other files — The actual project files

Git Over SSH

Git can clone repositories over SSH:

Format: ssh://user@host/path/to/repo
Requires SSH access
Uses SSH authentication
Secure method of cloning

In Level 28: The repository is accessed via SSH using the bandit27-git user.

📋 Step-by-Step Walkthrough

Step 1: Connect to Level 27

sshpass -p `cat bandit27` ssh bandit27@bandit.labs.overthewire.org -p 2220

Step 2: Get the Password Ready

You'll need the bandit27 password for the Git clone. Let's get it:

cat /etc/bandit_pass/bandit27

Copy this password—you'll paste it when Git prompts you.

Pro tip: Keep this terminal open or copy the password to a file so you can paste it easily.

Step 3: Create a Temporary Directory

You need a directory where you have read/write access to clone the repository:

mkdir -p /tmp/m1k3
cd /tmp/m1k3

Why: You can't clone into /home/bandit27 if you don't have write permissions. /tmp is world-writable, so you can create directories there.

Step 4: Clone the Repository

Now clone the repository:

git clone ssh://bandit27-git@localhost/home/bandit27-git/repo

Breaking this down:

git clone — Git command to copy a repository
ssh://bandit27-git@localhost — SSH connection to localhost as bandit27-git
/home/bandit27-git/repo — Path to the repository

What happens:

Git will prompt: "Are you sure you want to continue connecting (yes/no)?"
Type yes and press Enter
Git will prompt for password
Paste the bandit27 password and press Enter

Example output:

Cloning into 'repo'...
bandit27-git@localhost's password: [paste password here]
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.

Step 5: Navigate into the Repository

Once cloned, change into the repository directory:

cd repo

Step 6: List Repository Contents

Let's see what's in the repository:

ls -la

What you'll see:

drwxr-xr-x  3 bandit27 bandit27 4096 Jan 16 12:00 .
drwxrwxrwx  3 bandit27 bandit27 4096 Jan 16 12:00 ..
drwxr-xr-x  8 bandit27 bandit27 4096 Jan 16 12:00 .git
-rw-r--r--  1 bandit27 bandit27  258 Jan 16 12:00 README

The key: There's a README file. This is usually where important information is stored.

Step 7: Read the README File

Let's read the README:

cat README

What you'll see: The password for Level 28!

Example output:

The password to the next level is: [PASSWORD_HERE]

Step 8: Save the Password

Copy the password and save it:

On Linux/macOS:

echo "PASSWORD_HERE" > bandit28

On Windows (PowerShell):

"PASSWORD_HERE" | Out-File -FilePath bandit28 -NoNewline

Step 9: Connect to Level 28

sshpass -p `cat bandit28` ssh bandit28@bandit.labs.overthewire.org -p 2220

💡 Understanding Git in Depth

Let's dive deeper into Git concepts:

Git Repository Structure

What's in a repository:

Working directory — Your files
Staging area — Files ready to commit
Repository — Committed files and history
.git/ directory — All Git metadata

Common files:

README.md or README — Project documentation
.gitignore — Files Git should ignore
Source code files
Configuration files

Git Commands You'll Use

Basic Git commands:

git clone <url> — Copy a repository
git status — See repository status
git log — View commit history
git show — Show commit details
git diff — Show differences

In Level 28: You only need git clone and basic file operations.

SSH Authentication with Git

How Git SSH works:

Git connects via SSH
SSH authenticates (password or key)
Git accesses repository
Repository is cloned

Why SSH:

Secure authentication
Encrypted connection
Works with passwords or keys
Standard method for Git

🔒 Real-World Context

Why does this matter in penetration testing?

Git repositories are common targets in security assessments:

1. Exposed Git Repositories

In real assessments, you might find:

Public Git repositories with secrets
.git directories exposed on web servers
Git repositories with hardcoded credentials
Historical commits with sensitive data

The technique: Clone or access repositories to find secrets.

2. Common Git Security Issues

Secrets in repositories:

Passwords in code
API keys in commits
Credentials in history
Configuration files with secrets

Why it happens:

Developers commit secrets accidentally
Secrets in old commits (still accessible)
Public repositories with private data
.git directories exposed on web servers

3. Finding Git Repositories

Common locations:

.git/ directories on web servers
Public repositories (GitHub, GitLab, etc.)
Internal Git servers
Backup directories

The skill you're learning: How to access and analyze Git repositories. This is essential for:

Finding exposed secrets
Understanding code structure
Analyzing commit history
Discovering sensitive information

🛠️ Alternative Methods

Here are different ways to approach Level 28:

Method 1: Standard Clone (Recommended)

mkdir -p /tmp/m1k3
cd /tmp/m1k3
git clone ssh://bandit27-git@localhost/home/bandit27-git/repo
cd repo
cat README

Pros: Standard Git workflow, clear and simple Cons: None really

Method 2: Clone with Password in URL

git clone ssh://bandit27-git:PASSWORD@localhost/home/bandit27-git/repo

Pros: No password prompt Cons: Password visible in command history, less secure

Note: This might not work depending on Git/SSH configuration.

Method 3: Using SSH Key

If you had an SSH key, you could use:

git clone ssh://bandit27-git@localhost/home/bandit27-git/repo -i keyfile

Pros: No password needed Cons: Requires SSH key setup

For Level 28, use Method 1 — it's the standard and most secure approach.

🚨 Common Mistakes

Mistake 1: Not Having Write Permissions

Wrong: Trying to clone into /home/bandit27 without write access.

Right: Clone into /tmp or another writable directory.

Why: You need write permissions to create the repository directory.

Mistake 2: Wrong Repository URL

Wrong:

git clone ssh://bandit27@localhost/home/bandit27-git/repo  # Wrong user!

Right:

git clone ssh://bandit27-git@localhost/home/bandit27-git/repo

Why: The repository is owned by bandit27-git, not bandit27. Use the correct user.

Mistake 3: Not Reading the README

Wrong: Looking for the password in other files or Git history.

Right: Read the README file first—it usually contains important information.

Why: README files are standard places for documentation and important notes.

Mistake 4: Wrong Password

Wrong: Using a password from a different level.

Right: Use the bandit27 password (same as the git user).

Why: The objective states the password for bandit27-git is the same as bandit27.

Mistake 5: Not Handling SSH Host Key

Wrong: Not answering "yes" to the SSH host key prompt.

Right: Type yes when Git asks about the host key.

Why: First-time SSH connections require accepting the host key.

💻 Practice Exercise

Try these to reinforce what you learned:

Understand Git basics:
```
git --version
git help clone
```

Practice Git clone:

# Clone a public repository
git clone https://github.com/user/repo.git

Explore repository structure:
```
cd repo
ls -la
cat README
```
Understand Git history:
```
git log
git show HEAD
```

🎓 Understanding Version Control

This level introduces version control concepts:

What Is Version Control?

Version control is tracking changes to files over time:

History — See what changed and when
Collaboration — Multiple people can work on files
Backup — Previous versions are saved
Branching — Work on different versions

Why Version Control Matters

Understanding version control is essential for:

Software development
Security auditing
Finding exposed secrets
Understanding code changes

The skill you're learning: How to work with Git repositories. This is fundamental for:

Penetration testing
Code analysis
Finding secrets
Understanding development workflows

🔗 What's Next?

Level 29 will likely build on Git concepts, possibly involving Git history, branches, or more advanced Git operations.

Before moving on, make sure you:

✅ Understand what Git is
✅ Can clone repositories over SSH
✅ Know how to read repository contents
✅ Understand basic Git structure

📚 Key Takeaways

After completing Level 28, you should understand:

Git repositories — Version control systems
Git clone — Copying repositories
SSH Git access — Cloning over SSH
Repository structure — What's in a Git repo
Finding information — Reading README and other files

🎯 Quick Reference

Concept	Explanation	Example
Git	Version control system	Tracks file changes
Clone	Copy repository	`git clone <url>`
SSH Git	Git over SSH	`ssh://user@host/path`
README	Project documentation	Usually contains important info
Repository	Git project	Contains files and history

🔍 Advanced: Understanding Git Security

If you want to go deeper, here's Git security:

Git Security Concerns

Common issues:

Secrets in code (passwords, keys)
Secrets in commit history (still accessible)
Exposed .git directories
Public repositories with private data

Finding Secrets in Git

Techniques:

Read current files
Check commit history (git log)
Search for keywords (grep -r "password")
Check all branches (git branch -a)
Review diffs (git diff)

In Level 28: The password is in the README, but in real scenarios, you'd check history too.

Questions about Level 28, Git repositories, or version control? Reach out directly:

Email: m1k3@msquarellc.net
Phone: (559) 670-3159
Schedule: Book a free consultation

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice