Networking Tools


The following levels force you into researching the internet and networks. The provided reading materials on the assignments are enough to get by, but you may wish to supplement them with some extra beginner-friendly materials.

Consider this free e-book by Charles Severance. In it, the author provides a basic description of the technical design and architecture of the Internet. It is aimed at all audiences, even those with absolutely no prior technical experience or math skills. It may provide you with a very austere but still functional comprehension of the foundational concepts about the Web. The text is very concise and does a good job as a short introduction.


LEVEL 13 -> LEVEL 14

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.

Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap

Getting to the bottom of this level means understanding the de facto method used to log in to remote systems.

The SSH software supports authentication by key-based login. Its suite provides functionality enabling system administration and file transfers over insecure networks.

It is widely accepted that mathematically generated keys are much safer than plain-text passwords as a means of remote authentication. The method that enables this procedure is called asymmetric encryption because it makes use of a pair of keys.

A closer look at the configuration steps involved in setting up key-based login will deepen your understanding of the method:

  • The keys are generated algorithmically, usually on the client side you will use for logins.

  • On generation, you obtain a pair of keys, a private and a public key.

  • The private key allows you to log in to a server where its counterpart public key is stored.

To log in as bandit14, first let’s think about what must have been done for you to succeed in using the key file available.

  1. Someone, say Alice, logged in as user bandit13.

  2. Alice executed an algorithm that generated a public-private key pair. This means there were at some point two files on the machine we are currently on: an sshkey.private and an sshkey.public file.

  3. With these files in her possession, Alice placed the sshkey.public file in the bandit14 file system, configuring it to allow key-based logins. You may assume that Alice has some other means of access as user bandit14, perhaps even physical access to the server where the user files reside.

This procedure configures the bandit14 account to grant access to whoever presents a private key matching the public key stored there. Anyone in possession of this key is granted permission to log in as user bandit14.
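
Alice's steps can be replayed locally. The following is an added example, not part of the original write-up: two scratch directories stand in for the bandit13 and bandit14 home directories, and the function names and the alice@demo comment are made up for the illustration.

```sh
#!/bin/sh
# Added example: Alice's steps replayed in a scratch directory. The
# "bandit13" and "bandit14" directories are stand-ins for the two home
# directories; no real account or sshd is involved.

# Step 2: generate a key pair with no passphrase. ssh-keygen writes the
# private half to the given path and the public half to "<path>.pub"
# (the page calls that file sshkey.public).
generate_pair() {
    ssh-keygen -q -t ed25519 -N '' -C 'alice@demo' -f "$1"
}

# Step 3: append the public half to ~/.ssh/authorized_keys of the target
# account, the default file sshd consults, and keep it owner-only.
install_public_key() {
    pub_file=$1
    target_home=$2
    mkdir -p "$target_home/.ssh" && chmod 700 "$target_home/.ssh"
    cat "$pub_file" >> "$target_home/.ssh/authorized_keys"
    chmod 600 "$target_home/.ssh/authorized_keys"
}

# Local stand-in for the server's decision: derive the public key from a
# private key and look for it in authorized_keys. (A real sshd never sees
# the private key; the client proves possession with a signature.)
key_is_authorized() {
    derived=$(ssh-keygen -y -f "$1" | awk '{print $1, $2}')
    [ -n "$derived" ] || return 2
    awk '{print $1, $2}' "$2" | grep -qxF -e "$derived"
}

# Demo: Alice's key is accepted, an unrelated key is not.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/bandit13" "$work/bandit14" "$work/other"
    generate_pair "$work/bandit13/sshkey.private"
    install_public_key "$work/bandit13/sshkey.private.pub" "$work/bandit14"
    generate_pair "$work/other/unrelated.key"
    for key in "$work/bandit13/sshkey.private" "$work/other/unrelated.key"; do
        if key_is_authorized "$key" "$work/bandit14/.ssh/authorized_keys"; then
            echo "accepted: ${key#"$work"/}"
        else
            echo "rejected: ${key#"$work"/}"
        fi
    done
    rm -rf "$work"
}

demo
```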

You could download the keys to your computer and use them to log in as bandit14, but there is an easier way that does not require the URL/IP of the server: use SSH to establish a new connection to localhost.

This way you don’t need to exit or enter the full server address every time you want to go from one level (user) to another. You also don’t lose the connection with the server when doing this.

The -i flag indicates that a key file will be used for the login.

$ ssh -i sshkey.private bandit14@localhost 
Could not create directory '/home/bandit13/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:98UL0ZWr85496EtCRkKlo20X3OPnyPSB5tB5RPbhczc.
Are you sure you want to continue connecting (yes/no)? yes

EXTRA

Let’s copy the sshkey.private file to our local machine to check that our reasoning about the way key pairs work is correct.

From your host, you can use scp to transfer the sshkey.private file. Secure copy is a tool that uses the SSH protocol to copy files between hosts.

$ scp -P 2220 bandit13@bandit.labs.overthewire.org:~/sshkey.private ~/
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

bandit13@bandit.labs.overthewire.org's password:
sshkey.private                                        100% 1679     5.9KB/s   00:00 

Now, having the key in our local file system, let’s log in as user bandit14 with this file.

$ ssh -p 2220 -i sshkey.private bandit14@bandit.labs.overthewire.org
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for 'sshkey.private' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "sshkey.private": bad permissions
bandit14@bandit.labs.overthewire.org's password:

The key-based login fails, but not because we are attempting it from a different host. The message is clear: the problem lies in the permissions of the file, which are declared as being too open.

Nobody but its owner should be able to get at a key file. The downloaded file has permissions 640, which allows the group to read it. As a basic and sensible security measure, ssh ignores the key file and falls back to asking for a password.

The chmod command modifies permissions of files. Setting it to 600 indicates that only the owner is able to read or write the file.

$ ls -l sshkey.private
-rw-r----- 1 user user 1679 Sep  4 13:20 sshkey.private
$ chmod 600 sshkey.private
$ ls -l sshkey.private
-rw------- 1 user user 1679 Sep  4 13:20 sshkey.private

After changing permissions, the login succeeds:

$ ssh -p 2220 -i sshkey.private bandit14@bandit.labs.overthewire.org
                         _                     _ _ _
                        | |__   __ _ _ __   __| (_) |_
                        | '_ \ / _` | '_ \ / _` | | __|
                        | |_) | (_| | | | | (_| | | |_
                        |_.__/ \__,_|_| |_|\__,_|_|\__|


                      This is an OverTheWire game server.
            More information on http://www.overthewire.org/wargames


      ,----..            ,----,          .---.
     /   /   \         ,/   .`|         /. ./|
    /   .     :      ,`   .'  :     .--'.  ' ;
   .   /   ;.  \   ;    ;     /    /__./ \ : |
  .   ;   /  ` ; .'___,/    ,' .--'.  '   \' .
  ;   |  ; \ ; | |    :     | /___/ \ |    ' '
  |   :  | ; | ' ;    |.';  ; ;   \  \;      :
  .   |  ' ' ' : `----'  |  |  \   ;  `      |
  '   ;  \; /  |     '   :  ;   .   \    .\  ;
   \   \  ',  /      |   |  '    \   \   ' \ |
    ;   :    /       '   :  |     :   '  |--"
     \   \ .'        ;   |.'       \   \ ;
  www. `---` ver     '---' he       '---" ire.org


Welcome to OverTheWire!
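
The permission rule behind that warning can be checked before ssh ever complains. The following added example (not from the original page) audits a directory for private key files that group or others can access; the function names and the sample files are constructed for the illustration.

```sh
#!/bin/sh
# Added example: find private key files whose permissions ssh would call
# "too open", i.e. any bit granted to group or others (mode & 077).

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when the first line is a PEM or OpenSSH private key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# True when group or others hold any permission on the file.
key_too_open() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Print "<mode> <path>" for every over-exposed private key under a directory.
audit_private_keys() {
    find "$1" -type f | while IFS= read -r f; do
        is_private_key "$f" || continue
        if key_too_open "$f"; then
            printf '%s %s\n' "$(file_mode "$f")" "$f"
        fi
    done
}

# Constructed sample: placeholder files, not real keys.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/loose.key"
    cp "$d/loose.key" "$d/tight.key"
    echo 'not a key' > "$d/notes.txt"
    chmod 640 "$d/loose.key"    # the mode from the warning above
    chmod 600 "$d/tight.key"    # the corrected mode
    chmod 644 "$d/notes.txt"    # world-readable, but not a key
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
audit_private_keys "$sample"    # reports only loose.key
rm -rf "$sample"
```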

LEVEL 14 -> LEVEL 15

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap

The previous level stated that the password for the next level is stored on /etc/bandit_pass/bandit14. Let’s copy it:

$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

You need to submit this string to port 30000 on localhost. To do this let’s use the telnet protocol. Telnet is more or less a primitive version of ssh. Albeit insecure, unencrypted and currently not in use, it is said to have helped pave the way for the World Wide Web. It was one of the first programs that allowed users to connect remotely to a host over a TCP/IP network.

According to man telnet, its syntax is:

$ telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

To submit the message you just paste or type the string. On the other side of the connection, a server is listening. It responds with the password for the next level.

4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

Connection closed by foreign host.

EXTRA

You could also get a response from the server by using the program netcat. Netcat is a networking utility able to establish connections for working/testing TCP or UDP protocols. It is widely used as a network debugging tool.

You can pipe the current password to netcat and receive a response from the server:

$ cat /etc/bandit_pass/bandit14 | nc localhost 30000
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

LEVEL 15 -> LEVEL 16

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap

The server on the other end is using the SSL protocol on top of the TCP/IP layer. The key to this level lies in understanding what this means.

There is some ambiguity around this concept. Most people use the acronyms SSL and TLS interchangeably, as if they had the same meaning, when they do not. The first one stands for Secure Sockets Layer, the predecessor of the Transport Layer Security protocol.

SSL was the standard used to secure connections in the past. It is not up to date with the current requirements and its usage is not recommended anymore. Its name simply remains in use as a means of referring to the Security/Encryption Layer.

TLS is the protocol now deployed to secure data sent between applications over the internet. It is described as a procedure designed to establish an encryption-based network connection before any data is sent between two parties that want to communicate.

TLS provides a set of cryptographic routines that help you send data securely over the wire. The Encryption Layer is strictly necessary for having the internet as it is today. Originally, data transmission on the web took place in plain text. Eventually, eavesdropping became rampant, and anyone capable of intercepting a communication could read it.

Encryption makes data look like a mess at first sight, and only when it is decrypted with a specific key are you able to make sense of it. The security layer is implemented around this fact. Its ultimate goal is protecting user privacy.

The server you are trying to connect to explicitly requires a secure connection. To comply, you use the openssl suite. It comes installed by default on virtually all Unix platforms. This tool is able to manage the full TLS stack.

This section of the OpenSSL Cookbook clearly states that to connect to a server using a secure layer you use:

$ openssl s_client -connect localhost:30001
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
---
Certificate chain
 0 s:/CN=localhost
   i:/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/CN=localhost
issuer=/CN=localhost
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1019 bytes and written 269 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 88FE17AAA2A5EDF4819C77E4817346A26B9F67B4BF33464E26902F429391D2F4
    Session-ID-ctx:
    Master-Key: 1CD83EA9F4BF8FEBF80D68E2582995F8750DD68AE4EF5C2030DDA9CB67225D06C01E19279C544D54D63D33C9F9AF0E7B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    ...

    Start Time: 1661106661
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: yes
---
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd

closed

After the connection is established, you submit the corresponding string to the server and receive the password for the next level in response.


LEVEL 16 -> LEVEL 17

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap

To get your credentials for the next level, you must first find out which of a series of ports has a server listening on it. This task is easily solved with nmap, a powerful port scanning tool and network exploration/security program.

By looking at its help page, you may find out that to specify a range of ports to scan you use the option -p.

$ nmap -p31000-32000 localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-03 23:23 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00013s latency).
Not shown: 996 closed ports
PORT      STATE SERVICE
31046/tcp open  unknown
31518/tcp open  unknown
31691/tcp open  unknown
31790/tcp open  unknown
31960/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

All these listed ports ‘speak’ TCP. You must find out which of them use an encryption layer on top of it. Further inspection of man nmap and a brief web search shed some light. There is an nmap feature that combines port scanning with scripts for further probing of open ports.

The ssl-enum-ciphers script looks promising, as it lists the supported SSL ciphers on a per-port basis.

$ nmap -sC --script=ssl-enum-ciphers -p31000-32000 localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2022-09-04 00:01 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00014s latency).
Not shown: 996 closed ports
PORT      STATE SERVICE
31046/tcp open  unknown
31518/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: A
31691/tcp open  unknown
31790/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: A
31960/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.55 seconds
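
Reading that output by eye works for five ports. The added example below (not part of the original page) does the same classification with awk, listing each open port that produced an ssl-enum-ciphers block together with its protocol versions and any warnings. The sample input is abridged from the scan above and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: list the open ports that answered the ssl-enum-ciphers
# script, with the protocol versions and warnings reported for each.

# Reads nmap normal output on stdin (or from files given as arguments) and
# prints one line per TLS-speaking port: port <TAB> protocols <TAB> warnings.
tls_ports() {
    awk '
    function emit() {
        if (port != "" && tls) { printf "%s\t%s\t%s\n", port, protos, (warn == "" ? "-" : warn) }
    }
    # A port line such as "31518/tcp open  unknown" starts a new record.
    $1 ~ /^[0-9]+\/tcp$/ {
        emit()
        split($1, part, "/"); port = part[1]; is_open = ($2 == "open")
        tls = 0; protos = ""; warn = ""; in_warn = 0
        next
    }
    # nmap prints this block only under ports where the script got results.
    /^\| ssl-enum-ciphers:/ { tls = is_open; next }
    /^\|   (SSLv|TLSv)[0-9.]+:/ {
        p = $2; sub(/:$/, "", p)
        protos = (protos == "" ? p : protos "," p); in_warn = 0
        next
    }
    /^\|     warnings:/ { in_warn = 1; next }
    in_warn && /^\|       / {
        w = $0; sub(/^\| +/, "", w)
        warn = (warn == "" ? w : warn "; " w)
        next
    }
    { in_warn = 0 }
    END { emit() }
    ' "$@"
}

# Sample input: the scan output above with the cipher lists shortened.
sample_scan() {
    cat <<'EOF'
PORT      STATE SERVICE
31046/tcp open  unknown
31518/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: A
31691/tcp open  unknown
31790/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|     warnings:
|       Weak certificate signature: SHA1
|_  least strength: A
31960/tcp open  unknown
EOF
}

sample_scan | tls_ports
```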

You are now certain that ports 31518 and 31790 both speak TLS. The openssl command will submit our message to the possible targets. Port 31518 just echoes your string, but 31790 returns an RSA private key.

$ openssl s_client -connect localhost:31790
CONNECTED(00000003)
...
...
...
---
read R BLOCK
JQttfApK4SeyHwDlI9SXGR50qclOAil1
Correct!
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

closed

You have to create a file to hold this key to be able to use it. To start, copy the full key string, from dash to dash. Then make a directory in /tmp, cd into it and add a file to hold the key. Open it in a text editor, paste and save.

$ mkdir /tmp/foobarbaz
$ cd /tmp/foobarbaz
$ touch sshkey.private 
$ vim sshkey.private
...

When attempting to log in as user bandit17, the very same issue from the extra section in Level 13 to 14 appears: the permissions of this file are deemed too open. You should chmod it to comply.

$ chmod 600 sshkey.private
$ ssh -i sshkey.private -p 2220 bandit17@localhost

Finally, remember to be a good citizen and don’t leave files and folders lying around on the server.

$ cat /etc/bandit_pass/bandit17
VwOSWtCA7lRKkTfbr2IDh6awj9RNZM5e
$ exit
logout
Connection to localhost closed.
$ cd ~
$ rm -rf /tmp/foobarbaz