Stuck on bandit16 level at overthewire - linux

I am trying to solve the CTF challenges at overthewire and have completed up to 16 levels
To get from level 16 to 17 you have to send the password of the current level to the port supporting SSL on localhost after submitting the password an ssh private key is given to log to the next level
I have done up to here and have successfully got the ssh key save it in a text file changed permission to 600 but whenever I am trying to use this key to log in to the next level I am prompted to give the passphrase for the key I have been stuck here for a long time how I can provide the passphrase since while creating the key there was nothing to set the passphrase

When you send the correct password, you should get the following key:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----
You should copy this to your local computer, and save it as a file called bandit.key (name doesn't really matter). Then you should chmod 600 bandit.key, then ssh with the keyfile with the command:
ssh -i bandit.key bandit17#bandit.labs.overthewire.org -p 2220
Which should log you in.

I almost lost it with this one, but just logged in, had the same problem as the author, tried changing it to chmod 400 then 600 still had the same problem. What worked was copying the the key from the comment above, I suspect the "<" symbol in front of every line when copying from the terminal was somehow interfering with this.

Related

RSA key in env causing errors

Using this library..
https://github.com/motdotla/dotenv
I've added a private RSA key to .env. Using it to sign a JWT.
When I sign the JWT, this error greats me.
error:0906D066:PEM routines:PEM_read_bio:bad end line
My RSA key is just a basic multi line, key.
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQE.......
........
The RSA key is multi-line.
DotEnv can only read one-liners, the unfortunate work around (AFIAK) are to add a \n to the end of every line. And then make this string a one liner. But this error keeps occuring..
Has anyone else experienced this and have solution?
Or perhaps know of another env file manager that can handle multi-lines?
Add surrounding double quotes to the value in the .env file and replace line breaks with \n like so:
KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIE..."

VBA Excel code using echo y with PLink

WARNING: **PLEASE MAKE SURE THAT YOU DO NOT USE THIS APPROACH IF YOU ARE WORKING WITH UN-TRUSTED DEVICES/IP's. You do not want to automatically cache Ssh Host Keys which are unknown to you. Do take care.
The purpose of my code is to run ssh through plink.exe from VBA Excel for a given list of IP's. I am just checking for SSH connectivity and IP's list is dynamic.
I am trying to pass y when running ssh using plink.exe. The reason for y is because first time PLink (PuTTY) asks for caching the IP.
Echo y does that automatically from command prompt and runs fine as below.
C:\>echo y | Users\Admin\Desktop\plink.exe -ssh 10.0.0.1
The command passes y and the IP is cached which makes my code automated and the code cycles through the whole list.
I am unable to execute that same command in VBA excel (which is where the tool is) and would need guidance in how to implement it. Please suggest where I am going wrong.
Dim strShellCommand As String
Dim filename As String
Dim Run As String
Dim a As String
Dim b As String
filename = Sheet1.Cells(8, 2).Value
a = "echo y |"
b = "-ssh"
' Comments!!
' filename from cell = "C:\Users\Admin\Desktop\plink.exe"
' echo y | C:\Users\Admin\Desktop\plink.exe -ssh 10.0.0.1
' strCompaddress is any IP
Run = a & " " & filename & " " & b & " " & strCompAddress
Set osh = CreateObject("Wscript.Shell")
Set oEx = osh.Exec(Run)
Do not try to circumvent the verification of the SSH host key. It's there by purpose for your own security:
This is a feature of the SSH protocol. It is designed to protect you against a network attack known as spoofing: secretly redirecting your connection to a different computer, so that you send your password to the wrong machine. Using this technique, an attacker would be able to learn the password that guards your login account, and could then log in as if they were you and use the account for their own purposes.
Use the -hostkey switch instead to provide a fingerprint of the expected host key.
3.8.3.20 -hostkey: manually specify an expected host key
This option overrides PuTTY's normal SSH host key caching policy by telling it exactly what host key to expect, which can be useful if the normal automatic host key store in the Registry is unavailable. The argument to this option should be either a host key fingerprint, or an SSH-2 public key blob. See section 4.20.2 for more information.
You can specify this option more than once if you want to configure more than one key to be accepted.
Note that the -hostkey switch was introduced in PuTTY/PLink 0.64.
If you use your code to test connectivity, why do you need to accept the host key? The mere fact that the server was able to present the host key is proof of the connectivity.
If you really use your code to cache the host keys, so that "they don't have the click 'yes' for every IP to cache it, " do not. That's absolutely unacceptable. Not only that you break your own security. You deliberately break security of other users that will unknowingly trust any host key that you blindly accepted.
The only correct way to pre-cache the host keys is by importing the known host keys to the registry.
Export personally verified (I mean it) host keys from your registry to a file like SshHostKeys.reg:
[HKEY_CURRENT_USER\SOFTWARE\SimonTatham\PuTTY\SshHostKeys]
"rsa2#22:example.com"="0x23,0xab603b8511a67679bdb540db3bd2034b004ae936d06be3d760f08fcbaadb4eb4edc3b3c791c70aae9a74c95869e4774421c2abea92e554305f38b5fd414b3208e574c337e320936518462c7652c98b31e16e7da6523bd200742a6444d83fcd5e1732d03673c7b7811555487b55f0c4494f3829ece60f94255a95cb9af537d7fc8c7fe49ef318474ef2920992052265b0a06ea66d4a167fd9f3a48a1a4a307ec1eaaa5149a969a6ac5d56a5ef627e517d81fb644f5b745c4f478ecd082a9492f744aad326f76c8c4dc9100bc6ab79461d2657cb6f06dec92e6b64a6562ff0e32084ea06ce0ea9d35a583bfb00bad38c9d19703c549892e5aa78dc95e250514069"
and import them on the target machine.
For example using:
reg import SshHostKeys.reg
If you really do not care about a security, for example because you are connecting within a private network, use:
Run = Environ("COMSPEC") & " /c echo y | " & filename & " -ssh " & strCompAddress
(assuming a path to plink.exe in filename)
To make an input redirection working, you have to run the process via shell interpreter (cmd.exe). The environment variable COMSPEC points to it (typically C:\WINDOWS\system32\cmd.exe).
See also Redirecting input to an executable from Excel VBA.

download a pgp key automaticly

I want to download a pgp key from a keyserver automaticly using gpg like this:
gpg --searchkey carol#example.com
gpg is giving me this result.
gpg: searching for "carol#example.com" from hkp server pool.sks-keyservers.net
(1) <carol#example.com>
2048 bit RSA key 2F5E71CD, created: 2015-02-17
Keys 1-1 of 1 for "carol#example.com". Enter number(s), N)ext, or Q)uit >
If I want to add this key to my keyring I need to press "1" and ENTER.
My Question is: Is there a way to insert automatically always the first found key from the keyserver to my keyring? Because if I want to do it with about 200 addresses it would be nice if I can import them by a script without sitting next to the computer and pressing always "1" and Enter.
I know that is a security risk to import automatically always the first key, but to import the keys automatically means not that I also trust them automatically.
Do not use mail addresses for finding keys when scripting. Everybody can upload keys with arbitrary user IDs in them, key servers to not check anything at all. It is even easily possible to calculate short key ID collisions. Trusting arbitrary keys on key servers provides a very, very dangerous, false assumption of safety.
For scripting purpose, always work with key fingerprints. These are secure against collision attacks and provide a unique identifier for OpenPGP keys (in theory, they do not, but they provide a larger key address space than UUIDs do, which in practice are considered unique).
To download a list of fingerprints, use something like
gpg --recv-keys \
0D69E11F12BDBA077B3726AB4E1F799AA4FF2279 \
4AC1999F0BA293E8960AF2DA428C3085AF19CFE9 \
...
(alternatively, remove the backslashes and put everything on a single line)
To simply fetch all keys and validate trust on another way (eg. through the web of trust, but don't forget to do so), you have to script around GnuPG. Here is an example script originally posted on security.SE, which takes a file containing one mail address per line and fetches all matching keys:
#!/bin/sh
while read line
do
gpg --with-colons --batch --search $line 2>/dev/null | \
awk 'BEGIN { FS = ":" }; $1=="pub" { print $2 }' | \
xargs gpg --recv-keys
done < $1

decrypt password in a bash script

I'd like to prepare a simple script for connecting to some VPN network. The password to the network consists of two elements: pretty complicated pass + randomized token. I don't want to remember this password but store it encrypted in some secure directory. Now, the script I need should ask me for a passphrase and some token, read decrypt a pass from a file and run some commands. All those are pretty easy except one thing: is it possible to decrypt a file to a variable instead of file? I mean I'd like to get something like
PASS=`mdecrypt password.nc`
but as far as I know mdecrypt generates a file as a result instead of returning value. I know I could run something like
`mdecrypt password.nc`
PASS=`cat password`
`unlink password`
but is there some easier (one liner) solution?
uset the -F option
-F Force output on standard output or input from stdin if that is a
terminal. By default mcrypt will not output encrypted data to
terminal

Safely storing encrypted sensitive data 'publicly' online?

How can I safely store sensitive data online?
I want to store some extremely sensitive information online in a public folder, and I'm not sure how to go about it.
Specifically, I want to store bitcoin private keys in a .json file named "walletData.json" in a public folder. The file contains the wallet address and public key in plain text, along with an encrypted version of the private key.
Assuming anyone can access the file and attempt to crack the encryption password with their "super computers", what's the best way to safely encrypt that private key?
I know a longer password would be a good start, but ideally I don't want to need a password longer than 10 characters.
I was thinking of maybe hashing the password 1000 times, then using that hash+password as an AES encryption key. But, as everyone can see the key generation method, i'm not sure that will help? I was also thinking of padding out the encrypted private key with some other random data, but again, I don't know if it'll really help??
Is there a safe way to do this?
EDIT - after Reid's answer:
I'm trying to do this 100% in Javascript/jQuery.
When I export a CoinPrism.com wallet, I get this:
{"keys":[{"addr":"1PNLiLgW2fBokCB2wmfhZTtbmioitkqtMm","priv":"172655af193edeb54467a52fc6eb94c67eeeff8cd03555767e5cf12df694bb88f9c8b25c4019147d9e4993405274c96a","encryptionMode":"PKBDF2-SHA256","iterations":2000}],"salt":"2222b67fc7255aaf0b4027bfcabffb5e62f39e9e0aa13e8ad70f2dc75a484f26"}
The "priv" value is an encrypted private key. I don't know exactly how it's encrypted, but i'm sure that there's a way to decrypt it using just my 10 character password.
Does anyone know how they're doing this?
Is it safe to store this information online?
Well, I will just say outright that you don't need to be the one who writes the code to do this — it is far too easy to mess up, and your post makes suggestions that are concerning. (For instance, you describe something of an ad-hoc key derivation scheme, but one that is insufficient in protection.)
So, you need a library of some kind to handle this business for you.
My suggestion: Use GPG with the ASCII armor option. For example:
gpg --symmetric --armor --cipher-algo AES file.txt
This will symmetrically encrypt (--symmetric) a file (file.txt here) using the AES cipher (--cipher-algo AES) and store the resulting encrypted file in an ASCII armored format (--armor). Note: the resulting encrypted file will be stored in the filename plus the extension .asc; e.g., here, it puts the result in file.txt.asc. You can change this with the --output option.
Now, the above command will prompt you for a passphrase — this passphrase needs to be very strong, far more than 10 characters I'm afraid. This is the burden of passphrase-based encryption: you need passphrases that are strong. Ideally, you want a passphrase that is long and complicated, hard-to-guess and hard-to-bruteforce.
Since we are on StackOverflow, you may be looking to automate the passphrase entry (using scripting). To do that, there are several --passphrase related options for GPG. For example,
gpg --batch --passphrase "test" --symmetric --armor --cipher-algo AES file.txt
will use the passphrase test instead of prompting the user. Command line arguments are not safe, however, on a system, so it would be better to use the --passphrase-from-file option, which takes a single file as an argument. The first line of that file is the passphrase to be used.

Resources