22 Apr 2022 - mike
To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.
Using the bandit20-do setuid binary essentially just lets us run a command as that user. It’s binary so trying to cat the file won’t let you see the underlying code. So just trust the exercise it’s letting us work as bandit20 to do a thing.
So let’s run the binary and simply run a command after to read the password file in /etc/bandit_pass
./bandit20-do cat /etc/bandit_pass/bandit20
Now it’ll spit out the next password for us.
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
wargames
footer