Bandit 13
Glowfish Contrast
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.
Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap
Helpful Reading Material
So the link provided kind of sucked for telling us what we need here; if you don't know already, RTFM. Looking at the man page, we see a switch for ssh.
```
...
SYNOPSIS
     ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
         [-D [bind_address:]port] [-E log_file] [-e escape_char]
         [-F configfile] [-I pkcs11] [-i identity_file] [-L address]
         [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
         [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
         [-w local_tun[:remote_tun]] [user@]hostname [command]
...
     -i identity_file
             Selects a file from which the identity (private key) for public
             key authentication is read.  The default is ~/.ssh/identity for
             protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
             Identity files may also be specified on a per-host basis in the
             configuration file.  It is possible to have multiple -i options
             (and multiple identities specified in configuration files).  If
             no certificates have been explicitly specified by the
             CertificateFile directive, ssh will also try to load certificate
             information from the filename obtained by appending -cert.pub to
             identity filenames.
```
All this time logging into every level with this command, and we never read the man page on ssh. Looking at our page, we see the syntax will be something like:
```
ssh -i [key] [user@hostname]
```
Cool, let's try it:
```
bandit13@bandit:~$ ls
sshkey.private
bandit13@bandit:~$ ssh -i sshkey.private bandit14@bandit.lab.overthewire.org
ssh: Could not resolve hostname bandit.lab.overthewire.org: Name or service not known
```
Okay, read the instructions again. I'm using localhost since we aren't connecting outside the network:
```
bandit13@bandit:~$ ssh -i sshkey.private bandit14@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is ee:4c:8c:e7:57:2c:bc:63:24:b8:e6:23:27:63:72:9f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
 _                     _ _ _
| |__   __ _ _ __   __| (_) |_
| '_ \ / _` | '_ \ / _` | | __|
| |_) | (_| | | | | (_| | | |_
|_.__/ \__,_|_| |_|\__,_|_|\__|

a http://www.overthew...
~ ~ ~
...ch program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

bandit14@bandit:~$
```
Sweet, next level
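
The -i switch from the man page excerpt above expects a private key file. As an added example (not part of the original write-up), this preflight check confirms that a file is a readable private key and flags the case where ssh would ignore it for being too open. The helper names check_identity_file and make_sample_key are hypothetical, and the sample file is a constructed placeholder with no key material.

```shell
#!/bin/sh
# Added example: sanity-check a file before passing it to `ssh -i`.
# check_identity_file is a hypothetical helper name, not part of OpenSSH.

check_identity_file() {
    key=$1
    [ -f "$key" ] || { echo "not a regular file: $key"; return 1; }
    [ -r "$key" ] || { echo "not readable by current user: $key"; return 2; }

    # PEM and OpenSSH private keys both open with a BEGIN ... PRIVATE KEY line.
    # A .pub file or an empty file fails here.
    first=
    IFS= read -r first < "$key" || true
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "no private-key header: $key"; return 3 ;;
    esac

    # ssh ignores a key that you own if group or other has any access to it
    # ("UNPROTECTED PRIVATE KEY FILE"). Keys owned by another account are
    # not subject to that check, so ownership is tested first.
    perms=$(ls -ldL -- "$key" | cut -c5-10)
    if [ -O "$key" ] && [ "$perms" != "------" ]; then
        echo "too open (group/other: $perms); fix with: chmod 600 $key"
        return 4
    fi
    echo "ok: $key"
    return 0
}

# Writes a constructed placeholder: header and footer only, no key material.
make_sample_key() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'constructed-placeholder-not-a-key' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1"
}
```

Return codes 1 to 4 identify which check failed, so the function can gate an ssh call in a script.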