Hello everybody, let’s start another part of On The Way (OTW) with explanations and solved answers.
hello Folks!!! it’s a samxia99
I have written this article to help beginners and to explain how I solved some levels. It includes six levels in each part and is designed to be useful for those looking for guidance. I hope my walkthrough will be helpful.
Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!
Bandit Level 13 → Level 14
- Level Goal
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.
- command used
ssh, telnet, nc, openssl, s_client, nmap
If you receive a “Permission denied” message, try using “-port 2220” because the program runs on port 22.
ssh bandit14@localhost -i sshkey.private -p 2220
Pass:-fGrHPx402xGC7U7rXKDaxiWFTOiF0ENqBandit Level 14 → Level 15
- Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
- command used
ssh, telnet, nc, openssl, s_client, nmap
Pass:-jN2kgmIXJ6fShzhT2avhotn4Zcka6tntBandit Level 15 → Level 16
- Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
- command used
ssh, telnet, nc, openssl, s_client, nmap
Pass:-JQttfApK4SeyHwDlI9SXGR50qclOAil1Bandit Level 16 → Level 17
- Level Goal
The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First, find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
- command used
ssh, telnet, nc, openssl, s_client, nmap
After receiving the key, save it in Vim and then exit. Afterwards, change your current directory to Desktop.
"The answer is the public key that we used to log in to bandit17."Bandit Level 17 → Level 18
- Level Goal
There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new
NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19.
- command used
cat, grep, ls, diff
you will see ‘Byebye!’ at the end.
Bandit Level 18 → Level 19
- Level Goal
The password for the next level is stored in a file readme in the homedirectory. Unfortunately, someone has modified .bashrc to log you out when you log in with SSH.
- command used
ssh, ls, cat
ssh -t bandit18@bandit.labs.overthewire.org -p 2220 /bin/sh
Pass:-awhqfNnAbc1naukrpqDYcF95h7HoMTrCHopefully, this write-up will be useful for everybody, I have tried to make it easy to read. and this password is not working in your case so try to solve it yourself.
PS: I will write the next part right after this.
