Level goal: The password for the next level is stored in a file readme in the home directory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
In this level, we need to connect using ssh -t. The -t parameter opens a pseudo-tty within the session, so the output appears on the same screen. Because a command is given on the ssh command line, the ssh session closes when that command completes. This way, you can quickly run a command before the connection closes and kicks you out with a “Byebye!”.
[email protected]:~$ ssh -t [email protected] cat readme
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is 05:3a:1c:25:35:0a:ed:2f:cd:87:1c:f6:fe:69:e4:f6.
{... REMOVED ...}
Permissions 0640 for '/home/bandit17/.ssh/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/bandit17/.ssh/id_rsa
[email protected]'s password:
readme
Connection to localhost closed.
Next, we run the same commands to check what is in the “readme” file.
[email protected]'s password:
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
Connection to localhost closed.
The password to gain access to the next level is IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x.
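Why the remote command gets to run before the logout, as an added example that is not part of the original write-up. It assumes the logout line sits after the stock Debian/Ubuntu interactivity guard in .bashrc (the page does not show the file); the file contents, the secret and the helper names make_home and remote_cat are constructed.

```shell
#!/bin/sh
# Added example: every file below is constructed, nothing is taken from the level.

# make_home late|early -> prints the path of a throwaway home directory whose
# .bashrc logs the user out after ("late") or before ("early") the stock
# "non-interactive shells stop here" guard.
make_home() {
    home=$(mktemp -d)
    printf 'constructed-secret\n' > "$home/readme"
    guard='case $- in *i*) ;; *) return ;; esac'
    logout='echo "Byebye!"; exit 0'
    if [ "$1" = late ]; then
        printf '%s\n%s\n' "$guard" "$logout" > "$home/.bashrc"
    else
        printf '%s\n%s\n' "$logout" "$guard" > "$home/.bashrc"
    fi
    printf '%s\n' "$home"
}

# remote_cat HOME_DIR -> what "ssh [-t] host cat readme" yields for that home.
# sshd starts the login shell as "bash -c <command>"; bash reads ~/.bashrc in
# that case although the shell is non-interactive (emulated here with ".").
# -t only adds a terminal, it does not make the shell interactive.
remote_cat() {
    HOME="$1" bash --noprofile --norc -c '. "$HOME/.bashrc"; cat "$HOME/readme"'
}

late=$(make_home late)
early=$(make_home early)
# Guard first: .bashrc returns early, the logout is never reached, cat runs.
echo "logout after guard : $(remote_cat "$late")"
# Logout first: the shell exits while reading .bashrc, cat never runs.
echo "logout before guard: $(remote_cat "$early")"
rm -rf "$late" "$early"
```

Either way the logout lives in a file the shell chooses to read, so it is a convenience setting rather than an access control; a restriction on what an account may run is enforced by sshd itself, for example with ForceCommand in sshd_config.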
Occupy 4 Elephants
November 30, 2017
ok so like this isn’t right at all
Wen Bin
December 1, 2017
What isn’t right? Let me know 🙂
Moonlight Kim
July 23, 2018
I am also interested in computer security. I want to know whether OverTheWire teaches Linux commands or real hacking? And do you recommend using it as a beginner and for how long? What steps do I need to take if I want to be skilled in web app security? Do you recommend any CTF or wargame websites related to web apps for a beginner like me? Please excuse me if my questions are too much or if there are any inappropriate things mentioned. I hope you will be glad to share your ideas with me. Thanks
kongwenbin
August 6, 2018
Hi Moonlight, thanks for the questions. OverTheWire: Bandit is essentially a CTF which provides you with short challenges as you progress through the stages and capture the flag. Note that CTFs usually won’t spoon-feed you with answers, but their questions would often provide you with some learning along the way as you look up different ways to solve them. In my opinion, the Bandit series is pretty good for a beginner as it helped me learn many new things when I was solving them back then. 🙂