Level Goal

There is a git repository at ssh://bandit28-git@localhost/home/bandit28-git/repo. The password for the user bandit28-git is the same as for the user bandit28.
Clone the repository and find the password for the next level.

Solution

cloning the repo and listing the files in the working directory, we find README.md file, as we can see the credentials for user bandit29 is stored in this file, but the password filed contains aplaceholder not he password itself.

so, let’s get more informations about the versions of this file by viewing the commit history for this repository.

hmmm, the commit message [ FIX INFO LEAK ] seems interesting, let’s get information about this commit.

the README.md file was updated in this commit by replacing the user bandit29’s password with a placeholder, so we got the next level’s password and we are done!.