Bandit Walkthrough – Level 16
Level Description
http://www.overthewire.org/wargames/bandit/bandit17.shtml
Now we are starting to get into the juicy stuff! This level is designed to make you scan for open ports, identify the services on those ports, then connect securely to the only applicable port in the same manner as the last level.
Hint
This level has 3 stages. In the first one you will use nmap to scan for and identify ports. In the second one you will follow the exact same process as the last level to connect. In the third stage you will need to create your own private key to connect to the next level. This level may take some trial and error, but stick with it – the errors are pretty self-explanatory, and if you have patience you should be able to get through it in a reasonable amount of time. If you are interested in security work, make sure to learn all you can about nmap – it will almost certainly be one of the most used tools in your toolbox!
When I try and log in to bandit17 it keeps asking me for a passphrase. I already did ‘chmod 600’ to my private key. I’ve tried at least 5 times and it keeps asking for a passphrase for the key. Why?
Use:
nano /tmp/mykey/sshkey.pem
instead of:
nano /tmp/mykey/sshkey.private
Fixed – thanks for the correction!
I used “nano /tmp/mykey/sshkey.private” but it’s still asking for passkey.
It’s also telling me that nano is not a command.
I guess you have solved the issue in the meantime, but an answer is still valuable for people:
You need to include the
-----BEGIN RSA PRIVATE KEY-----
and
-----END RSA PRIVATE KEY-----
lines in your private key file.
That at least was my mistake, now the passphrase question is gone.
Cheers!
Hi,
I entered:
nano /tmp/ (deleted) /sshkey.pem
Then pasted RSA, but I can’t save the file.
[ Error writing /tmp/ (deleted) /sshkey.pem: Permission denied ]
Thank you.
I logged in by bandit12 and then saved the key file.
So by using it I logged in to bandit17.
Is this the only solution for saving the file to temp directory?
As far as I know, though to be honest it has been years since I did any of these. You may be able to create a different temp directory and use that instead. It is entirely possible they have changed the process since then.
EDIT: You can also create this file locally (on your own system) and SSH from there.
Whenever I get through the commands and save everything, it always asks me for bandit17@localhost’s password and does not let me log into bandit17. Why is it asking me for a password even though I already sent it a key?
This is my fault, I made an edit to the page a while ago, but forgot to change all instances. Make sure you use sshkey.pem rather than sshkey.private.
I have used sshkey.pem but it still asks me for the password and the passphrase for the key
Oh never mind I figured out what I did wrong. Just wondering for the sake of knowledge, why do you have to use pem instead of private?
How did you know that the proper SSL key was in /etc/bandit_pass/bandit16? ~/bandit16 has a “snakeoil” ssh key, so it is understandable that it is not to be trusted.
Thanks!
Why do I have to use .pem? It keeps asking me for password even after changing the name to sshkey.pem, what should I do?
Don’t forget to add -p 2220 when ssh from your account
Hey! I tried to do as everyone else but I met a few problems.
– server didn’t have nano (solved, used vim)
– server on bandit 17 started asking “Enter passphrase for key ‘key.private’: ” when I connected using the private key
solution to *
make a file on my Desktop using nano named sshkey.pem with private key inside and connect using :
ssh -i ~/Desktop/sshkey.pem bandit17@bandit.labs.overthewire.org -p 2220
EDIT:
Also tried to use sshkey.pem as key on server and didn’t work either
Using --version-all flag on -sV will tell you that it is an ssl service. The scan takes some time though, so identify the ports you’re interested in first using: nmap -sV localhost -p 31000-32000 which will return:
PORT STATE SERVICE VERSION
31046/tcp open echo
31518/tcp open msdtc Microsoft Distributed Transaction Coordinator (error)
31691/tcp open echo
31790/tcp open msdtc Microsoft Distributed Transaction Coordinator (error)
31960/tcp open echo
bandit16@bandit:~$ nmap -sV --version-all -vv localhost -p 31790
Make sure there are 5 -‘s before & after BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY.
As of 12/24/17 the top line has 6 each and the bottom has 5.
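The key-file problems reported in the comments above (missing BEGIN/END lines, the wrong number of dashes, permissions other than 600) can be checked before running ssh. The following is an added example, not part of the original post or its comments; the function names, file names and sample key body are assumptions made up for illustration, and the check is structural only (it does not parse the key).

```shell
#!/bin/sh
# Structural check of a pasted RSA private key file before handing it to ssh.
# Usage: . ./check_key.sh; check_pem_key /path/to/sshkey.pem
BEGIN_LINE='-----BEGIN RSA PRIVATE KEY-----'   # exactly five dashes each side
END_LINE='-----END RSA PRIVATE KEY-----'

# Prints one line per problem found; returns 0 only if none were found.
check_pem_key() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    # Ignore blank lines so a trailing newline after END does not matter.
    lines=$(grep -v '^[[:space:]]*$' "$f" || true)
    first=$(printf '%s\n' "$lines" | sed -n '1p')
    last=$(printf '%s\n' "$lines" | sed -n '$p')
    body=$(printf '%s\n' "$lines" | sed '1d;$d')

    # Byte-for-byte comparison catches a missing line, 4 or 6 dashes, and
    # typographic dashes picked up when copying from a rendered web page.
    [ "$first" = "$BEGIN_LINE" ] || { echo "BEGIN line wrong or missing: '$first'"; rc=1; }
    [ "$last" = "$END_LINE" ] || { echo "END line wrong or missing: '$last'"; rc=1; }

    # Everything between the armor lines must be base64 text.
    if [ -z "$body" ]; then
        echo "no key material between BEGIN and END"; rc=1
    elif printf '%s\n' "$body" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "non-base64 characters in key body"; rc=1
    fi

    # ssh rejects private keys that group or others can access (chmod 600).
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "permissions too open ($perms): run chmod 600 $f"; rc=1; }
    return $rc
}

# Constructed sample files (the body is placeholder base64, not a real key).
write_samples() {
    d=$1; b='Q09OU1RSVUNURUQgU0FNUExFLCBOT1QgQSBSRUFMIEtFWQ=='
    printf '%s\n%s\n%s\n' "$BEGIN_LINE" "$b" "$END_LINE" > "$d/good.pem"
    printf '%s\n%s\n%s\n' "-$BEGIN_LINE-" "$b" "$END_LINE" > "$d/sixdash.pem"
    printf '%s\n' "$b" > "$d/noarmor.pem"
    cp "$d/good.pem" "$d/open.pem"
    chmod 600 "$d/good.pem" "$d/sixdash.pem" "$d/noarmor.pem"; chmod 644 "$d/open.pem"
}
```

Running write_samples on a scratch directory and then check_pem_key on each file shows one message per failure mode; a clean file produces no output and a zero exit status.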