Level 13 → 14

Level Goal

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.

Write-Up

  1. List the content of the current directory:

ls

  2. Display the content of the sshkey.private file:

cat sshkey.private

This reveals sshkey.private contains an RSA private key.

  3. Use the private key to SSH into bandit14 on localhost:

ssh -i sshkey.private -p 2220 bandit14@localhost

  • -i sshkey.private: Specifies the private key file to use for authentication

  • -p 2220: Specifies the port for the OverTheWire game server

  • bandit14@localhost: Connects to user bandit14 on the same machine

Note: When asked "Are you sure you want to continue connecting (yes/no/[fingerprint])?", answer yes.

bandit14 accessed.

  4. Once logged in as bandit14, access the password file:

cat /etc/bandit_pass/bandit14

The retrieved password: MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS

  5. Log out of the bandit14 session to return to bandit13:

exit

  6. Access the next level:

ssh [email protected] -p 2220

Enter the password when prompted.

Lessons Learned

  • SSH keys can be used as an alternative to password authentication

  • Different user accounts can have varying levels of access to files on a system

  • Private keys should be kept secure and protected, as they grant access without a password

-- Othmane
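
Added example (not part of the original write-up): a shell audit for the risk named in the last lesson, a private key file that other accounts can read or that is stored without a passphrase. The function names, finding labels and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find private keys readable beyond their owner or lacking a passphrase.

key_mode() {  # octal permission bits (GNU stat, then BSD stat)
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

key_is_unencrypted() {  # succeeds when the key is stored without a passphrase
    case "$(head -n 1 "$1")" in
        *"BEGIN ENCRYPTED PRIVATE KEY"*) return 1 ;;   # PKCS#8, encrypted
        *"BEGIN OPENSSH PRIVATE KEY"*)
            # openssh-key-v1 layout: 15-byte magic, 4-byte length, cipher name
            cipher=$(grep -v -e '^-----' "$1" | base64 -d 2>/dev/null |
                     head -c 23 | tail -c 4)
            [ "$cipher" = "none" ] ;;
        *) ! grep -q '^Proc-Type: 4,ENCRYPTED' "$1" ;;  # legacy PEM header
    esac
}

# Print "<finding> <mode> <path>" for each risky private key under directory $1.
audit_keys() {
    find "$1" -type f | while IFS= read -r f; do
        head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----' || continue
        mode=$(key_mode "$f")
        case "$mode" in
            *00) ;;                                # owner-only, e.g. 600 or 400
            *) echo "EXPOSED $mode $f" ;;
        esac
        if key_is_unencrypted "$f"; then
            echo "NO_PASSPHRASE $mode $f"
        fi
    done
}

# Constructed sample files (placeholder bodies, not real key material).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/sshkey.private"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/locked.pem"
    chmod 640 "$d/sshkey.private"
    chmod 600 "$d/locked.pem"
    audit_keys "$d"
    rm -rf "$d"
}

demo
```

On the constructed samples, the group-readable, passphrase-less sshkey.private is reported twice (EXPOSED and NO_PASSPHRASE), while the owner-only, encrypted locked.pem produces no finding.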
