OverTheWire Bandit Level 13->Level 14 - Walkthrough


Introduction

In this post, I will give you a walkthrough of the Bandit wargame Level 13->Level 14. The new concept in this level is public key authentication. We will see how to log in to the next level using a private SSH key instead of a password.

Goal

Get the password for the next level from /etc/bandit_pass/bandit14 which is accessible only to the user bandit14

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit13
Password - wbWdlBxEir4CaE8LaPhauu0o6pwRmrDw

Theory

The SSH protocol supports public key authentication. In this scheme, the public key is placed on the remote host, which then allows access to the user who owns the matching private key. The "-i" option of the ssh command lets the user specify the file from which the private key for public key authentication is read. Please go through this article to know more about the SSH protocol's public key authentication.
Localhost is a hostname whose IP address is 127.0.0.1. It refers to the machine that we are working on. In this level, we will log in as the user bandit14 on localhost.

Solution

Log in over SSH as the user bandit13 using the command "ssh bandit13@bandit.labs.overthewire.org -p 2220" and the above password. Type ls to see the private key file "sshkey.private".

Type the command "ssh -i sshkey.private bandit14@localhost -p 2220" and enter "yes" when prompted to confirm the host key. We are now logged in as the user bandit14.


Type the commands below to get the password:

  • cd /etc/bandit_pass
  • cat bandit14

This completes the Level 13->Level 14 walkthrough, as we now have the password.
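
This level works because a private key is left where another user can read it, and whoever can read the key can log in as its owner. As an added example (not part of the original walkthrough), the script below audits a directory for private key files that have any group or other permission bits set; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SSH private key files that users other than the owner can access.

# is_private_key FILE: true if the first line is a PEM private-key header
# (covers "OPENSSH PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", ...).
is_private_key() {
    head -n 1 -- "$1" 2>/dev/null | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'
}

# key_is_exposed FILE: true if any group or other permission bit is set.
key_is_exposed() {
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group + other bits, e.g. "r-----"
    [ "$perms" != "------" ]
}

# audit_keys DIR: print every exposed private key under DIR, one per line.
audit_keys() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        if is_private_key "$f" && key_is_exposed "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Demo on constructed sample files (dummy contents, not real keys).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-sample' > "$d/sshkey.private"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-sample' > "$d/id_ok"
    printf '%s\n' 'ssh-ed25519 constructed-sample user@host' > "$d/id_ok.pub"
    chmod 640 "$d/sshkey.private"   # group-readable: another account can use it
    chmod 600 "$d/id_ok"            # owner-only: not reported
    chmod 644 "$d/id_ok.pub"        # public keys may be world-readable
    audit_keys "$d"                 # prints only the path of sshkey.private
    rm -rf "$d"
}
demo
```

Running audit_keys against a home directory and fixing each reported file with chmod 600 closes the gap this level relies on.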

I would encourage you to explore and find out other ways to clear this level. Please post your doubts and suggestions in the comment section.
