What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.

2014-01-23

OverTheWire - Bandit - Level 13 to Level 14

Description:

Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don't get the next password, but you get a private SSH key that can be used to log into the next level.
Note: localhost is a hostname that refers to the machine you are working on
Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap
Helpful Reading Material
SSH/OpenSSH/Keys
Solution:
  1. [Comment] Using SSH to connect the server
  2. sp@simple-plan:~|=> ssh bandit13@bandit.labs.overthewire.org
    ...
    bandit13@bandit.labs.overthewire.org's password: 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
  3. [Comment] Using ls command to list directory contents  
  4. bandit13@melinda:~$ ls
    sshkey.private
  5. [Comment] Using cat command to output file's contents
  6. bandit13@melinda:~$ cat sshkey.private
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEAxkkOE83W2cOT7IWhFc9aPaaQmQDdgzuXCv+ppZHa++buSkN+
    gg0tcr7Fw8NLGa5+Uzec2rEg0WmeevB13AIoYp0MZyETq46t+jk9puNwZwIt9XgB
    ZufGtZEwWbFWw/vVLNwOXBe4UWStGRWzgPpEeSv5Tb1VjLZIBdGphTIK22Amz6Zb
    ThMsiMnyJafEwJ/T8PQO3myS91vUHEuoOMAzoUID4kN0MEZ3+XahyK0HJVq68KsV
    ObefXG1vvA3GAJ29kxJaqvRfgYnqZryWN7w3CHjNU4c/2Jkp+n8L0SnxaNA+WYA7
    jiPyTF0is8uzMlYQ4l1Lzh/8/MpvhCQF8r22dwIDAQABAoIBAQC6dWBjhyEOzjeA
    J3j/RWmap9M5zfJ/wb2bfidNpwbB8rsJ4sZIDZQ7XuIh4LfygoAQSS+bBw3RXvzE
    pvJt3SmU8hIDuLsCjL1VnBY5pY7Bju8g8aR/3FyjyNAqx/TLfzlLYfOu7i9Jet67
    xAh0tONG/u8FB5I3LAI2Vp6OviwvdWeC4nOxCthldpuPKNLA8rmMMVRTKQ+7T2VS
    nXmwYckKUcUgzoVSpiNZaS0zUDypdpy2+tRH3MQa5kqN1YKjvF8RC47woOYCktsD
    o3FFpGNFec9Taa3Msy+DfQQhHKZFKIL3bJDONtmrVvtYK40/yeU4aZ/HA2DQzwhe
    ol1AfiEhAoGBAOnVjosBkm7sblK+n4IEwPxs8sOmhPnTDUy5WGrpSCrXOmsVIBUf
    laL3ZGLx3xCIwtCnEucB9DvN2HZkupc/h6hTKUYLqXuyLD8njTrbRhLgbC9QrKrS
    M1F2fSTxVqPtZDlDMwjNR04xHA/fKh8bXXyTMqOHNJTHHNhbh3McdURjAoGBANkU
    1hqfnw7+aXncJ9bjysr1ZWbqOE5Nd8AFgfwaKuGTTVX2NsUQnCMWdOp+wFak40JH
    PKWkJNdBG+ex0H9JNQsTK3X5PBMAS8AfX0GrKeuwKWA6erytVTqjOfLYcdp5+z9s
    8DtVCxDuVsM+i4X8UqIGOlvGbtKEVokHPFXP1q/dAoGAcHg5YX7WEehCgCYTzpO+
    xysX8ScM2qS6xuZ3MqUWAxUWkh7NGZvhe0sGy9iOdANzwKw7mUUFViaCMR/t54W1
    GC83sOs3D7n5Mj8x3NdO8xFit7dT9a245TvaoYQ7KgmqpSg/ScKCw4c3eiLava+J
    3btnJeSIU+8ZXq9XjPRpKwUCgYA7z6LiOQKxNeXH3qHXcnHok855maUj5fJNpPbY
    iDkyZ8ySF8GlcFsky8Yw6fWCqfG3zDrohJ5l9JmEsBh7SadkwsZhvecQcS9t4vby
    9/8X4jS0P8ibfcKS4nBP+dT81kkkg5Z5MohXBORA7VWx+ACohcDEkprsQ+w32xeD
    qT1EvQKBgQDKm8ws2ByvSUVs9GjTilCajFqLJ0eVYzRPaY6f++Gv/UVfAPV4c+S0
    kAWpXbv5tbkkzbS0eaLPTKgLzavXtQoTtKwrjpolHKIHUz6Wu+n4abfAIRFubOdN
    /+aLoRQ0yBDRbdXMsZN/jvY44eM+xRLdRVyMmdPtP8belRi2E2aEzA==
    -----END RSA PRIVATE KEY-----
  7. [Comment] Using SSH with -i option to connect the server without password
  8. bandit13@melinda:~$ ssh -i ./sshkey.private bandit14@localhost
    Could not create directory '/home/bandit13/.ssh'.
    The authenticity of host 'localhost (127.0.0.1)' can't be established.
    ECDSA key fingerprint is 91:b4:28:0b:9a:4d:0c:b6:39:1f:8f:68:89:4a:ce:92.
    Are you sure you want to continue connecting (yes/no)? yes
  9. [Comment] Fetch out the password for next level
  10. bandit14@melinda:~$ cat /etc/bandit_pass/bandit14
    4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
  11. [Comment] Using exit command to disconnect connection to server
  12. bandit14@melinda:~$ exit
    logout
    Connection to localhost closed.
  13. [Comment] It's done! Saving the password for next level.
Reference:
sshhttp://linuxcommand.org/man_pages/ssh1.html
lshttp://linuxcommand.org/man_pages/ls1.html
cathttp://linuxcommand.org/man_pages/cat1.html
exithttp://linuxcommand.org/man_pages/exit1.html
cdhttp://linuxcommand.org/lc3_man_pages/cdh.html
findhttp://linuxcommand.org/man_pages/find1.html
grephttp://linuxcommand.org/lc3_man_pages/grep1.html
sorthttp://linuxcommand.org/lc3_man_pages/sort1.html
uniqhttp://linuxcommand.org/man_pages/uniq1.html
stringshttp://linuxcommand.org/man_pages/strings1.html
base64http://linux.die.net/man/1/base64
trhttp://linuxcommand.org/man_pages/tr1.html
aliashttp://linuxcommand.org/man_pages/alias1.html
mkdirhttp://linuxcommand.org/man_pages/mkdir1.html
cphttp://linuxcommand.org/man_pages/cp1.html
xxdhttp://linuxcommand.org/man_pages/xxd1.html
filehttp://linuxcommand.org/man_pages/file1.html
mvhttp://linuxcommand.org/man_pages/mv1.html
gziphttp://linuxcommand.org/man_pages/gzip1.html
bzip2http://linuxcommand.org/man_pages/bzip21.html
tarhttp://linuxcommand.org/man_pages/tar1.html

No comments:

Post a Comment