[ Docker ] Building the Bandit Wargame - Level 13 ( 14 / 33 )

1. Bandit13 Goal

The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14.
For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. 
Note: localhost is a hostname that refers to the machine you are working on

Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap


2. Bandit13 Implementation

# Log in as root, entering the password root
ssh -oStrictHostKeyChecking=no root@localhost -p 2220

chown -R root:root /home/bandit13/.[!.]*

useradd bandit14 && echo -e "4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e\n4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e" | passwd bandit14

chown -R root:root /home/bandit14/.[!.]*

su - bandit14

ssh-keygen -t rsa -f /home/bandit14/.ssh/sshkey -N ""

# Return to the root shell; the chown and /etc steps below need root
exit


chmod 755 /home/bandit14/.ssh

mv /home/bandit14/.ssh/sshkey /home/bandit13/sshkey.private

mv /home/bandit14/.ssh/sshkey.pub /home/bandit14/.ssh/authorized_keys

chmod 640 /home/bandit13/sshkey.private

chown bandit14:bandit13 /home/bandit13/sshkey.private

chown bandit14:bandit14 /home/bandit14/.ssh/authorized_keys

chmod 640 /home/bandit14/.ssh/authorized_keys

chmod 755 /home/bandit14

chown root:root /home/bandit14

mkdir /etc/bandit_pass/

echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e > /etc/bandit_pass/bandit14

chmod 400 /etc/bandit_pass/bandit14

chown bandit14:bandit14 /etc/bandit_pass/bandit14

# Connection test
ssh -oStrictHostKeyChecking=no -i /home/bandit13/sshkey.private bandit14@localhost -p 2220
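
Why the ownership and modes chosen above work, as an added example that is not part of the original post: a simplified shell version of the OpenSSH client's private-key permission test and of the per-path test sshd applies under StrictModes. The function names are hypothetical, GNU stat is assumed, and sshd runs its test on authorized_keys and on each directory up to the home directory, so call server_path_ok once per component.

```shell
#!/bin/sh
# Added example: simplified models of two OpenSSH permission checks.
# Function names are hypothetical; stat -c is the GNU coreutils form.

# Client side: a private key is refused only when it is owned by the user
# running ssh AND has any group/other permission bit set.
# usage: client_key_ok <keyfile> <uid of the user running ssh>
client_key_ok() {
    owner=$(stat -c '%u' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    if [ "$owner" -eq "$2" ] && [ $(( 0$mode & 077 )) -ne 0 ]; then
        return 1
    fi
    return 0
}

# Server side (StrictModes): the path must be owned by the login account or
# by root, and must not be writable by group or others.
# usage: server_path_ok <path> <uid of the account logging in>
server_path_ok() {
    owner=$(stat -c '%u' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    [ "$owner" -eq "$2" ] || [ "$owner" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# Constructed demo: a throwaway file stands in for sshkey.private (mode 640).
key=$(mktemp); chmod 640 "$key"; me=$(id -u)
client_key_ok "$key" "$me" && echo "owner, 640: accepted" \
                           || echo "owner, 640: refused (group-readable)"
# bandit13 is not the owner (bandit14 is), so the mode is not examined.
client_key_ok "$key" $((me + 1)) && echo "non-owner, 640: accepted"
# authorized_keys at 640 has no group/other write bit.
server_path_ok "$key" "$me" && echo "authorized_keys 640: passes"
chmod 660 "$key"
server_path_ok "$key" "$me" || echo "authorized_keys 660: fails"
rm -f "$key"
```

On the container itself, the same functions can be pointed at /home/bandit13/sshkey.private with bandit13's uid, and at /home/bandit14, /home/bandit14/.ssh and authorized_keys with bandit14's uid.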


3. Bandit13 Solution

# Log in as bandit13 using the password that was set for it.
# 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
ssh bandit13@localhost -p 2220

ssh -oStrictHostKeyChecking=no -i sshkey.private bandit14@localhost -p 2220

# Check the size of the bandit13 password to infer the size of the bandit14 password file
echo "8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL" | wc -c

# Search for the bandit14 password file
# The level goal already gives the file path, so this step can be skipped.
find / -size 33c -user bandit14 2>/dev/null

# Read the password
# 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
cat /etc/bandit_pass/bandit14