Level 13 → 14

Level Goal

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

Write-Up

List the content of the current directory:

ls

Display the content of the sshkey.private file:

cat sshkey.private

This reveals sshkey.private contains an RSA private key.

Use the private key to SSH into bandit14 on localhost:

ssh -i sshkey.private -p 2220 bandit14@localhost

-i sshkey.private: Specifies the private key file to use for authentication
-p 2220: Specifies the port for the OverTheWire game server
bandit14@localhost: Connects to user bandit14 on the same machine

Note: Are you sure you want to continue connecting (yes/no/[fingerprint])? Yes

bandit14 accessed.

Once logged in as bandit14, access the password file:

cat /etc/bandit_pass/bandit14

The retrieved password: MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS

Log out of the bandit14 session to return to bandit13:

exit

Access the next level:

ssh bandit14@bandit.labs.overthewire.org -p 2220

Enter the password when prompted.

Lessons Learned

SSH keys can be used as an alternative to password authentication
Different user accounts can have varying levels of access to files on a system
Private keys should be kept secure and protected, as they grant access without a password

-- Othmane

PreviousLevel 12 → 13 NextLevel 14 → 15

Last updated 3 months ago