The last level took me a long time, not only to complete but also to finish the write up. I am hoping this time Bandit Level 13 will be short and sweet. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 12 write up, give it a quick read then head back over here. Read it? See what I mean, that level actually felt like a chore to write, anyway let’s get on.

Level 13

The password for the next level is stored /etc/bandit_pass/bandit14 and can only be accessed by the bandit14 user. As I don’t know the password for the bandit14 user yet, a ssh private key has been provided in the Bandit Level 13 users home directory. I can use this to connect to localhost as the bandit14 user.

Let’s Start Hacking Then

To start I need to connect to the machine, so I need to whip out a fresh terminal and initiate the SSH connection. I type that so often for these write ups that it’s now in my auto complete.

ssh bandit13@bandit.labs.overthewire.org -p 2220

Entering the password I got from last level when asked and I am presented with the users home directory. I need to check what files are available to me to start. Using the ls command I can see a file named sshkey.private.

Being the cautions and potentially optimistic person I am, I want to check the contents of the file first before trying to use it.

cat ./sshkey.private

The output of the file unsurprisingly is in fact a private key, worth a try though. I now need to create another SSH session to localhost as the bandit14 user. This is starting to feel a little bit like inception at the moment.

I wanted to go deeper and deeper.

Cobb

I run the following command this time I tell it to use the private key using the -ioption, and not specify which port. You can see more about the ssh command on the man page.

ssh -i ./sshkey.private bandit14@localhost

Without the need for a password I am connected in and ready to go. All that’s left now is to get the contents of the bandit14 file and we should be good. I run the following

cat /etc/bandit_pass/bandit14

…and Wham! Bam! Thank you ma’am! I have the password now for level 14.

Level 13 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories:Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.

0 Comments

Leave a Reply