Bandit 13 -> 14

July 6, 2025 · 1 min · 131 words · Me

ssh : ssh bandit13@bandit.labs.overthewire -p 2220
password : FO5dwFsc0cbaIiH0h8J2eUks2vdTDwAn

Task :

use a provided private key to connect to the next level, then find the password in the provided path /etc/bandit_pass/bandit14

Theory

Until now, we have only logged into the remote machine using ssh with a password. An alternative to a password is using public-key cryptography. The public key is placed on the computers that should allow access (the remote host) to the user that owns the private key. Like with the password, it is important that only the user knows/owns the private key. The -i flag allows login with the private key.

Solution

connecting with the provided private key :

ssh -i sshkey.private bandit14@localhost -p 2220

then use the cat command on the provided path to get the password