Level Goal

Good job getting a shell! Now hurry and grab the password for bandit27!

Solution

in the writeup for the previous level, we did get a shell as user bandit26, in the home directory for user bandit26 we found a file named bandit27-do, let’s get some information about this file.

well, it’s a setuid ELF32 executable that is owned by user bandit27. let’s run it and find out what it does.

it will execute another command that is passed to it on the command line. so we will supply a cat(1) command that get the next level’s password and we are done.