ssh firstname.lastname@example.org -p 2220
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level.
A little bit of Theory
Until now, we have only logged into the remote machine using ssh with a password. An alternative to a password is using public-key cryptography. The public key is placed on the computers that should allow access (the remote host) to the user that owns the private key. Like with the password, it is important that only the user knows/owns the private key. The -i flag of ssh specifies the private key file to log in with.
scp is a command that uses SSH to transfer data over the network. The syntax to get a file from a remote host looks like the following: scp -P <port> <user>@<IP>:<remotefilepath> <localfilepath>. To send a file to a remote host instead, put the local file path first and the remote path second.
An alternative to this method is starting a simple web server with Python. This is useful when you do not have SSH access. On the machine where the file is, you need to start the web server with the following command: python3 -m http.server (best is to do it in the directory of the file). On the receiving machine you then just have to send an HTTP request:
I logged into the server as bandit13 and found the file ‘sshkey.private’ in the home directory. Knowing the location of the file, I can transfer it to my machine.
I used scp to connect to the remote machine and get the ssh key.
Now that I had the private ssh key, I tried to log in with it. However, I got the following warning: "Permissions 0640 for 'sshkey.private' are too open.", because it had the following writing permissions: -rw-r-----. So I reduced the permissions with chmod 700 sshkey.private, so only the owner (me) has permissions for the file. The permissions will then look like this: -rwx------. And now it is possible to use the key to log into the new level:
And we got into the server as bandit14.
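The permission check behind the "too open" warning can be reproduced before calling ssh. The following is an added example, not part of the original write-up: the function names key_mode, key_mode_ok and tighten_key are hypothetical, the demo file is a constructed placeholder rather than a real key, and it assumes the rule that any group or other permission bit makes a key too open. It tightens to 600 (owner read/write) rather than the 700 used above; both clear the group and other bits.

```shell
#!/bin/sh
# Added example: check a private key's mode the way the warning above implies.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when no group/other bit is set (mode & 077 == 0), 1 when the
# file is too open, 2 when the mode cannot be read.
key_mode_ok() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Tighten a key file to owner read/write only when it is too open,
# printing the old and new mode so the change is visible.
tighten_key() {
    if key_mode_ok "$1"; then
        echo "$1: mode $(key_mode "$1") is already private"
    else
        old=$(key_mode "$1")
        chmod 600 "$1" && echo "$1: mode $old -> $(key_mode "$1")"
    fi
}

# Demo on a constructed placeholder file (no real key material).
demo_dir=$(mktemp -d)
demo_key="$demo_dir/sshkey.private"
echo "constructed placeholder, not key material" > "$demo_key"
chmod 640 "$demo_key"       # the mode reported in the warning
tighten_key "$demo_key"     # 640 -> 600
tighten_key "$demo_key"     # second call reports it is already private
rm -rf "$demo_dir"
```
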