OverTheWire

OverTheWire: Bandit Level 13 → Level 14

https://overthewire.org/wargames/bandit/bandit14.html

Level Goal

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

SSH/OpenSSH/Keys

How to use SSH keys for authentication

Solution

View the contents of the current working directory

bandit13@bandit:~$ ls
sshkey.private

We have an SSH private key. We can use the SSH command with the -i flag to use the private key

bandit13@bandit:~$ ssh -i sshkey.private bandit14@localhost

(If asked for fingerprint confirmation types “yes”)

We have logged in as bandit14 we can confirm this by looking at your prompt

bandit14@bandit:~$

Get the password for the current user

bandit14@bandit:~$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

We have found the password for bandit14 !!

Logout of current (bandit14) session then logout of the bandit13 session and use password of user bandit14 to access next level

> ssh bandit14@bandit.labs.overthewire.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
bandit14@bandit.labs.overthewire.org's password: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Previous Level

OverTheWire: Bandit Level 12 → Level 13

Next Level

OverTheWire: Bandit Level 14 → Level 15