Bandit Level 14 Walkthrough
Level 13 ➔ Level 14: Authentication via Private Keys
1. My Objective
This level breaks the pattern. Usually, I find a text password to log into the next level. This time, I am given a file called sshkey.private in the home directory. My goal is to use this private key to log in as bandit14. Once I am logged in, I need to read the password stored in a restricted system file: /etc/bandit_pass/bandit14.
The Mission Brief: I am currently bandit13. The file /etc/bandit_pass/bandit14 exists, but I don't have permission to read it. Only bandit14 can read it. I must "become" that user first using the provided key.
2. The Feynman Explanation: Combinations vs. Keys
Most people are used to logging into accounts with passwords. But in the world of high-security servers, we often use SSH Keys.
The Safe vs. The Padlock Analogy:
1. Passwords are like Combination Safes. To get in, you need to know a specific code in your head. If you forget it, or if someone guesses it, the safe is open.
2. SSH Keys are like Physical Padlocks. You have a "Private Key" (the physical key in your pocket) and the server has a "Public Key" (the padlock on the door). You don't need to memorize any code; you just need to possess the physical key.
In this level, I have the physical key (sshkey.private). When I present this key to the server, it recognizes it and lets me in immediately without asking for a password.
3. Practical Solution
I am already logged in as bandit13. I see the key file in my current folder. I will use the ssh command with the -i flag (Identity) to use the key file.
# Step 1: Locate the private key
bandit13@bandit:~$ ls
sshkey.private
# Step 2: Use the key to log into bandit14 on the 'localhost'
# -i points to the key | bandit14@localhost is the target
bandit13@bandit:~$ ssh -i sshkey.private bandit14@localhost -p 2220
# Step 3: Once logged in as bandit14, read the password file
bandit14@bandit:~$ cat /etc/bandit_pass/bandit14
fGrHPno6pE6vSAr4S019SAb36906sV... (the full password is shown in the real session)
Why did I use localhost?
Since I am already on the OverTheWire server, I don't need to go out to the internet to find bandit14. I am simply jumping from one chair to another in the same room. localhost always refers to the machine you are currently standing on.
🚀 My Pro Tips: Working with SSH Keys
✨ The Permissions Trap (chmod 600)
If I were doing this on my own PC, SSH would likely give me an error saying "Permissions are too open." SSH is very strict: if your private key file is readable or writable by anyone other than its owner (that is, if any group or other permission bits are set), it refuses to use it. I would fix this by running chmod 600 sshkey.private so that only my own user can read and write it.
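As an added example (not code from the original walkthrough), here is a small POSIX shell script that reproduces the permission check OpenSSH applies to a private key before it will use it, so you can verify a key file before running ssh -i. The file name sshkey.private is the one from this level; the temporary file the demo creates is a constructed placeholder, not a real key, and the script assumes GNU stat -c (Linux) with a BSD stat -f fallback.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): reproduce the check that
# OpenSSH applies to a private key before it will use it. OpenSSH rejects an
# identity file whose mode has any group or other bits set (mode & 077 != 0)
# and prints "Permissions 0644 for 'sshkey.private' are too open."
# Assumption: GNU `stat -c` (Linux); a BSD `stat -f` fallback is included.

key_mode() {
    # Print the octal permission bits of a file, e.g. 600 or 644.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

key_is_private_enough() {
    # Succeed (exit 0) only when no group/other permission bits are set,
    # which is exactly the condition OpenSSH enforces on identity files.
    mode=$(key_mode "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

check_key() {
    # Print a one-line verdict in the spirit of OpenSSH's own message and
    # return its status so callers can decide whether to run ssh at all.
    if key_is_private_enough "$1"; then
        echo "ok: '$1' is mode $(key_mode "$1"), safe to pass to ssh -i"
        return 0
    fi
    echo "too open: '$1' is mode $(key_mode "$1"); run: chmod 600 '$1'" >&2
    return 1
}

fix_key_perms() {
    # The repair the tip describes: owner read/write only.
    chmod 600 "$1"
}

demo() {
    # Constructed placeholder standing in for sshkey.private; not a real key.
    tmp=$(mktemp -d)
    key="$tmp/sshkey.private"
    printf 'placeholder, not a real private key\n' > "$key"
    chmod 644 "$key"              # the mode a freshly copied file often has
    check_key "$key" || true      # prints the "too open" verdict
    fix_key_perms "$key"
    check_key "$key"              # now passes
    rm -rf "$tmp"
}

demo
```

Running the script prints the "too open" verdict for the 644 copy and the "ok" verdict after chmod 600; the check_key function can be dropped into a login script so a bad key mode is caught before ssh refuses the connection.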
⭐ What is '2220'?
I must remember to keep the port -p 2220 in my command. Even when connecting to localhost, the game server is still listening on that specific non-standard port.
🔍 Finding your Identity
If I ever get confused about which user I am, I always type whoami. It’s a simple command that helps me keep track of my "identity" after making multiple SSH jumps.
4. Why this matters
I use SSH keys every day to manage cloud servers (like AWS or DigitalOcean) and to push code to GitHub. Typing passwords is slow and vulnerable to "brute force" attacks. Mastering key-based login is one of the most important steps in becoming a professional DevOps engineer or Security researcher.
I Have Become Bandit14!
I've successfully used a private key to elevate my access. I'll save the password found in /etc/bandit_pass and move on to Level 14 ➔ Level 15, where I will interact with network services!
Tags: #Linux #Bandit #OverTheWire #SSHKeys #PrivateKey #Localhost #Permissions #CyberSecurity #FeynmanTechnique #CodeWithPritom #ProTips
Location:
Bangladesh