OverTheWire: Bandit Level 13 → Level 14
The Bandit wargames are aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.
Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on
Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap
Helpful Reading Material
SSH/OpenSSH/Keys - Community Help Wiki
How to use SSH keys for authentication - UpCloud
Solution
View the contents of the current working directory
1
2
bandit13@bandit:~$ ls
sshkey.private
We have an SSH private key. We can use the SSH command with the “-i” flag to use the private key
1
bandit13@bandit:~$ ssh -i sshkey.private -p 2220 bandit14@localhost
(If asked for fingerprint confirmation type “yes”)
We have logged in as bandit14 we can confirm this by looking at your prompt
1
bandit14@bandit:~$
Get the password for the current user
1
2
bandit14@bandit:~$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
We have found the password for bandit14 !!
Logout of the current (bandit14) session then log out of the bandit13 session and use the password of user bandit14 to access the next level
1
2
3
4
> ssh [email protected] -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames
[email protected]'s password: 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e