Exploring OverTheWire: Level 13 to Level 14 - Bandit Challenge

📆 · ⏳ 2 min read ·
# overthewire
· 👀

Introduction

As we progress further in the Bandit Challenge, Level 14 ↗️ presents us with a unique scenario. Our objective is to obtain a private SSH key stored in a particular location, which will allow us to access the next level.

By utilizing our knowledge of secure connections, cryptographic tools, and SSH keys, we’ll retrieve the private key, configure our connection, and successfully log into the next level.

Challenge Overview

💡

Level 14 challenges us to retrieve a private SSH key that can be used to log into the next level. The password for the next level is stored in a specific location and can only be read by user bandit14.

Our task is to access this location, retrieve the private key, and use it to establish a secure SSH connection to the next level.

Approach and Strategy

Follow these steps to successfully solve Level 14

Terminal window
ssh [email protected] -p 2220

Enter the password you obtained from the previous level.

Once logged in, retrieve the private SSH key by copying its contents using the cat command

Terminal window
cat sshkey.private

Create a directory under /tmp to store the SSH key and move into it using cd.

Terminal window
mkdir /tmp/sshkey && cd /tmp/sshkey

Create a file named id_rsa and paste the contents of the private key into it. Choose your preferred text editor to create the file. Here I am using vi.

Terminal window
vi id_rsa

Set the permissions of the id_rsa file to 600.

Terminal window
chmod 600 id_rsa

Log in to the next level using SSH and the private key.

Terminal window
ssh bandit14@localhost -p 2220 -i id_rsa

The -i flag specifies the identity (private key) to be used for authentication.

Once logged in, find the password for the next level by using the cat command to read the contents of the /etc/bandit_pass/bandit14 file.

Terminal window
cat /etc/bandit_pass/bandit14

This will display the password for Level 14. Take note of it for the next level.

Conclusion

Congratulations on successfully completing Level 14 of the Bandit Challenge! By retrieving the private SSH key, configuring your local machine, and establishing a secure SSH connection, you have gained access to the next level. Our understanding of secure connections and cryptographic tools has expanded, enhancing our cybersecurity skills.

Stay tuned for the next blog post, where we’ll tackle Level 15 and face new challenges in our quest to become proficient cybersecurity practitioners.

Share on

Share on Twitter

Need help with your software project? Let’s talk

Previous Article

Exploring OverTheWire: Level 12 to Level 13 - Bandit Challenge

Next Article

Exploring OverTheWire: Level 14 to Level 15 - Bandit Challenge

You may also like

  • # overthewire

    Exploring OverTheWire: Level 14 to Level 15 - Bandit Challenge

    Welcome back to our enthralling voyage through the Bandit Challenge! In this blog post, we're set to conquer Level 15, where the key to success lies in submitting the current level's password to a specific port on localhost. Join me as we delve into port communication, networking concepts, and gain access to the coveted password. Let's dive in!

  • # overthewire

    Exploring OverTheWire: Level 12 to Level 13 - Bandit Challenge

    Welcome back to our exhilarating journey through the Bandit Challenge! In this blog post, we'll conquer Level 13, where we'll encounter a password stored in a file that has been repeatedly compressed and is represented as a hexdump. Join me as we navigate through the file system, extract the hexdump, decompress the file, and successfully obtain the password. Let's dive in!

  • # overthewire

    Exploring OverTheWire: Level 11 to Level 12 - Bandit Challenge

    Welcome back to our thrilling adventure through the Bandit Challenge! In this blog post, we'll conquer Level 12, where we'll encounter a password stored in a file where all the letters have been rotated by 13 positions. Join me as we navigate through the file system, decipher the rotated letters, and successfully extract the password. Let's dive in!