Login
SSH: ssh bandit13@bandit.labs.overthewire.org -p 2220
Password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
Task
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level.
A little bit of Theory
Until now, we have only logged into the remote machine using ssh with a password. An alternative to a password is using public-key cryptography. The public key is placed on the computers that should allow access (the remote host) to the user that owns the private key. Like with the password, it is important that only the user knows/owns the private key. The -i flag allows login with the private key.
scp is a command that uses SSH to transfer data over the network. The syntax to get a file from a remote host looks like the following: scp -P <port> <user>@<IP>:<remotefilepath> <localfilepath>. To send a file to a remote host, the local file path needs to stand at the beginning.
An alternative to this method is starting a simple web server with Python. This is useful when you do not have SSH access. On the machine where the file is, you need to start the web server with the following command: python3 -m http.server (best is to do it in the directory of the file). On the receiving machine, you then just have to send an HTTP request: wget http://<ip>:8000/<pathtofile>
Solution
I logged into the server as bandit13 and found the file ‘sshkey.private’ in the home directory. Knowing the location of the file, I can transfer it to my machine.
I used scp to connect to the remote machine and get the ssh key.
Now that I had the private ssh key, I tried to log in with it. However, I got the following warning: Permissions 0640 for 'sshkey.private' are too open, because it had the following writing permissions: -rw-r-----. So I reduced the permissions with chmod 700 sshkey.private, so only the owner (me) has permissions for the file. The permissions will then look like this: -rwx------. And now it is possible to use the key to log into the new level:
And we got into the server as bandit14.
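The permission rule behind the "too open" warning, as an added example that is not part of the original walkthrough: a private key file is accepted only when no group or other permission bits are set, which is why 0640 fails while both 700 and 600 pass. The function names and the temporary stand-in file are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and the temp file are constructed for illustration.

# key_mode FILE: print FILE's octal permission bits (GNU stat, else BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# key_perms_ok FILE: succeed only when no group/other bit is set,
# i.e. (mode & 077) == 0. 600 and 700 pass, 640 does not.
key_perms_ok() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# fix_key_perms FILE: report the mode and tighten it to 600 if too open.
# 600 (rw for the owner) is enough; a key file needs no execute bit.
fix_key_perms() {
    if key_perms_ok "$1"; then
        echo "ok: $1 has mode $(key_mode "$1")"
    else
        echo "too open: $1 has mode $(key_mode "$1"), changing to 600"
        chmod 600 "$1"
    fi
}

# Demo on a constructed stand-in file (not a real key).
demo=$(mktemp)
for m in 640 700 600; do
    chmod "$m" "$demo"
    fix_key_perms "$demo"
done
rm -f "$demo"
```

Running the same check over every private key in ~/.ssh is a quick way to catch keys that were copied with a permissive umask.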
https://overthewire.org/wargames/bandit/bandit14.html