{"id":678,"date":"2015-02-07T20:57:46","date_gmt":"2015-02-07T20:57:46","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=678"},"modified":"2022-06-03T05:39:34","modified_gmt":"2022-06-03T05:39:34","slug":"overthewire-bandit-18","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-bandit-18\/","title":{"rendered":"OvertheWire &#8211; Bandit 18"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;3.22&#8243;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text admin_label=&#8221;Text&#8221; _builder_version=&#8221;4.7.5&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;]<strong>Recap of Level 17:\u00a0<\/strong>Used Nmap to scan ports and receive an RSA private key.<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"http:\/\/overthewire.org\/wargames\/bandit\/bandit18.html\" target=\"_blank\" rel=\"noopener\"><strong>Bandit Level 18<\/strong><\/a><\/p>\n<h4><strong>Objective:<\/strong><\/h4>\n<p>Find the password to the next level<\/p>\n<h4><strong>Intel Given:<\/strong><\/h4>\n<ul>\n<li>There are 2 files in the homedirectory:\u00a0<strong>passwords.old and passwords.new<\/strong>. The password for the next level is in\u00a0<strong>passwords.new<\/strong>\u00a0and is the only line that has been changed between\u00a0<strong>passwords.old and passwords.new<\/strong><\/li>\n<li><strong>NOTE: if you have solved this level and see \u2018Byebye!\u2019 when trying to log into bandit18, this is related to the next level, bandit19<\/strong><\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h4><strong>How to:<\/strong><\/h4>\n<p>Thanks to reddit user <a href=\"http:\/\/www.reddit.com\/user\/177854\" target=\"_blank\" rel=\"noopener\">177854<\/a>\u00a0for providing this write-up!<\/p>\n<p>From the last mission we didn\u2019t get a password, insteadwe got a RSA private key. Private keys can be used to log onto servers that have been setup with a corresponding public key. This is actually the more secure method of ssh-ing into remote devices. The steps to use this on Putty make it long enough to be a blog post of it\u2019s own, which we did here. For now we\u2019ll be doing the Linux\/Mac method.<\/p>\n<p>First we&#8217;re going to have to import the Private key into our machine and save it as a text file. You can use any file editor you like (vi, vim, gEdit, Nano gVim Emacs..etc) for this exercise the commands are simple. Just type your file editor of choice and then the filename you wish to have. In this example we\u2019re using vim.\u00a0 Will open a new blank text document where I will paste the private key.<\/p>\n<p><code>vim bandit1617privatekey.txt<\/code><\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"679\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-18\/bandit-18-1\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?fit=548%2C462&amp;ssl=1\" data-orig-size=\"548,462\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit 18.1\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?fit=300%2C253&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?fit=548%2C462&amp;ssl=1\" class=\" size-full wp-image-679 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?resize=548%2C462&#038;ssl=1\" alt=\"bandit 18.1\" width=\"548\" height=\"462\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?w=548&amp;ssl=1 548w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?resize=300%2C253&amp;ssl=1 300w\" sizes=\"(max-width: 548px) 100vw, 548px\" \/><\/p>\n<p>Perfect! Now that we have a Private key it&#8217;s time for us to logon to bandit 17. To do this we will still use ssh but with some different options to use the private key.<\/p>\n<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"680\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-18\/bandit-18-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?fit=690%2C369&amp;ssl=1\" data-orig-size=\"690,369\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit 18.2\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?fit=300%2C160&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?fit=690%2C369&amp;ssl=1\" class=\" size-full wp-image-680 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?resize=690%2C369&#038;ssl=1\" alt=\"bandit 18.2\" width=\"690\" height=\"369\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?w=690&amp;ssl=1 690w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?resize=600%2C321&amp;ssl=1 600w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png?resize=300%2C160&amp;ssl=1 300w\" sizes=\"(max-width: 690px) 100vw, 690px\" \/><\/p>\n<p>Uh oh. It looks like we are allowing other people permission to access our private key, and that&#8217;s not very good for security! Let&#8217;s go back and change our read write permissions on our file.<\/p>\n<p>Linux permissions are very complex and we will only scratch the surface here. It IS a very important topic though and if you need a refresher or are learning for the first time check out some links here. www.linux.com\/learn\/tutorials\/309527\u00adunderstanding\u00adlinux\u00adfile\u00adpermissions. The basics are three permissions types (read, write, execute) along with three permission groups (owner, group, all other users). To change file permission on a file you use the chmod command. In the chmod command there are three spots for owner, group, and all others to have their file permissions added. The placement in the chmod command is important the 1<sup>st<\/sup> spot is for the owner, the second for the group, and the third for other users on our system, commonly referred to as global. The command looks something like this.<\/p>\n<p><code>chmod [owner][group][global] file<\/code><\/p>\n<p>Now what do we put in the spaces in the brackets to denote what permissions? Permissions types are given a number ,4 for read, 2 for write, and 1 for execute. The file permissions are a TOTAL of all the permissions that we would like that object to have. For example if I want to give owner full access and everyone in the group read and write access and everyone else read access I would enter the following:<\/p>\n<p>read (4) + write(2)+ execute(1) = Full (7)<\/p>\n<p>read(4) + write(2) = rw (6)<\/p>\n<p>read (4) = 4<\/p>\n<p><code>chmod 764 testfile<\/code><\/p>\n<p>For our case here we don\u2019t have to worry too much about this, we just have to prevent everyone except for us from accessing it. Nevertheless this is an important part of Linux systems and will come up later so if you are having a hard time understanding I suggest you do some further research on the topic. There are good options <a href=\"http:\/\/www.linux.com\/learn\/tutorials\/309527-understanding-linux-file-permissions\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"linux.com\">here<\/a>, <a href=\"http:\/\/www.linux.org\/threads\/file-permissions-chmod.4094\/\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"Linux.org\">here<\/a>, and <a href=\"https:\/\/drive.google.com\/a\/vt.edu\/file\/d\/0B5-nkXLXc6rxOWdYVWIyakNUbGc\/view\" target=\"_blank\" rel=\"noopener noreferrer\" title=\"Google Drive File\">here<\/a>. Back to our private key we have to change our file permission to owner and only owner. So in the owner spot we will put 6 for read + write, in the group and everyone else spot we will put 0 for no access at all. Using the below command we change the permissions of the file and try connecting again.<\/p>\n<p><code>chmod 600 Bandit1617pk<\/code><\/p>\n<p><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"682\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-18\/bandit-18-4\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?fit=700%2C582&amp;ssl=1\" data-orig-size=\"700,582\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit 18.4\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?fit=300%2C249&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?fit=700%2C582&amp;ssl=1\" class=\" size-full wp-image-682 aligncenter\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?resize=700%2C582&#038;ssl=1\" alt=\"bandit 18.4\" width=\"700\" height=\"582\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?w=700&amp;ssl=1 700w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?resize=600%2C499&amp;ssl=1 600w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png?resize=300%2C249&amp;ssl=1 300w\" sizes=\"(max-width: 700px) 100vw, 700px\" \/><\/a><\/p>\n<p>Success! Now after all that, what were we even supposed to be doing?<\/p>\n<p>Ah yes there are two file that has a lot of text that look like passwords and the only difference between the two is the actual password. The command diff is exactly what we need in this situation. The diff command compares 2 files and outputs the difference in them, similar to the sort and uniq that we used a few lessons ago. Let&#8217;s see what the command outputs.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"683\" data-permalink=\"https:\/\/hackmethod.com\/overthewire-bandit-18\/bandit-18-5\/\" data-orig-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?fit=454%2C121&amp;ssl=1\" data-orig-size=\"454,121\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bandit 18.5\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?fit=300%2C80&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?fit=454%2C121&amp;ssl=1\" class=\"alignnone size-full wp-image-683\" src=\"https:\/\/i0.wp.com\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?resize=454%2C121&#038;ssl=1\" alt=\"bandit 18.5\" width=\"454\" height=\"121\" srcset=\"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?w=454&amp;ssl=1 454w, https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png?resize=300%2C80&amp;ssl=1 300w\" sizes=\"(max-width: 454px) 100vw, 454px\" \/><\/a><\/p>\n<p style=\"text-align: left;\">Hmm looks like two passwords. One for this level (instead of having to use that private key again) and one for the next!<\/p>\n<h4><strong>Conclusion:<\/strong><\/h4>\n<p>We learned a lot in this lesson. Ssh\u00ading using private keys, Linux file permissions, and the diff command. If you don&#8217;t feel very comfortable using Linux file permission I suggest you take some time and thoroughly research it. It will be very important in a few lessons.<\/p>\n<p>&nbsp;<br \/>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; column_structure=&#8221;1_2,1_2&#8243;][et_pb_column _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; type=&#8221;1_2&#8243;][et_pb_image src=&#8221;https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Previous.png&#8221; _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; alt=&#8221;Previous Level&#8221; title_text=&#8221;Previous&#8221; url=&#8221;https:\/\/hackmethod.com\/overthewire-bandit-17&#8243; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][et_pb_column _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; type=&#8221;1_2&#8243;][et_pb_image src=&#8221;https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Next.png&#8221; _builder_version=&#8221;4.7.5&#8243; _module_preset=&#8221;default&#8221; alt=&#8221;Next Level&#8221; title_text=&#8221;Next&#8221; url=&#8221;https:\/\/hackmethod.com\/overthewire-bandit-19&#8243; align=&#8221;right&#8221; hover_enabled=&#8221;0&#8243; sticky_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recap of Level 17:\u00a0Used Nmap to scan ports and receive an RSA private key. &nbsp; Bandit Level 18 Objective: Find the password to the next level Intel Given: There are 2 files in the homedirectory:\u00a0passwords.old and passwords.new. The password for the next level is in\u00a0passwords.new\u00a0and is the only line that has been changed between\u00a0passwords.old and [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":679,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"<strong>Recap of <a href=\"https:\/\/www.hackmethod.com\/overthewire-bandit-17\/\">Last\u00a0Lesson<\/a>:\u00a0<\/strong>Used Nmap to scan ports and receive an RSA private key.\r\n\r\n<a href=\"http:\/\/overthewire.org\/wargames\/bandit\/bandit18.html\" target=\"_blank\"><strong>Bandit Level 18<\/strong><\/a>\r\n\r\n<strong>Objective<\/strong>\r\n\r\nFind the password to the next level\r\n\r\n<strong>Intel Given<\/strong>\r\n<ul>\r\n\t<li>There are 2 files in the homedirectory:\u00a0<strong>passwords.old and passwords.new<\/strong>. The password for the next level is in\u00a0<strong>passwords.new<\/strong>\u00a0and is the only line that has been changed between\u00a0<strong>passwords.old and passwords.new<\/strong><\/li>\r\n\t<li><strong>NOTE: if you have solved this level and see \u2018Byebye!\u2019 when trying to log into bandit18, this is related to the next level, bandit19<\/strong><\/li>\r\n<\/ul>\r\n<!--more-->\r\n\r\n<strong>How to<\/strong>\r\n\r\nThanks to reddit user <a href=\"http:\/\/www.reddit.com\/user\/177854\" target=\"_blank\">177854<\/a>\u00a0for providing this write-up!\r\n\r\nFrom the last mission we didn\u2019t get a password, insteadwe got a RSA private key. Private keys can be used to log onto servers that have been setup with a corresponding public key. This is actually the more secure method of ssh-ing into remote devices. The steps to use this on Putty make it long enough to be a blog post of it\u2019s own, which we did here. For now we\u2019ll be doing the Linux\/Mac method.\r\n\r\nFirst we're going to have to import the Private key into our machine and save it as a text file. You can use any file editor you like (vi, vim, gEdit, Nano gVim Emacs..etc) for this exercise the commands are simple. Just type your file editor of choice and then the filename you wish to have. In this example we\u2019re using vim.\r\n\r\n$ vim bandit1617privatekey.txt\r\n\r\nWill open a new blank text document where I will paste the private key.\r\n\r\n<img class=\" size-full wp-image-679 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png\" alt=\"bandit 18.1\" width=\"548\" height=\"462\" \/>\r\n\r\nPerfect! Now that we have a Private key it's time for us to logon to bandit 17. To do this we will still use ssh but with some different options to use the private key.\r\n\r\n<img class=\" size-full wp-image-680 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.2.png\" alt=\"bandit 18.2\" width=\"690\" height=\"369\" \/>\r\n\r\nUh oh. It looks like we are allowing other people permission to access our private key, and that's not very good for security! Let's go back and change our read write permissions on our file.\r\n\r\nLinux permissions are very complex and we will only scratch the surface here. It IS a very important topic though and if you need a refresher or are learning for the first time check out some links here. www.linux.com\/learn\/tutorials\/309527\u00adunderstanding\u00adlinux\u00adfile\u00adpermissions. The basics are three permissions types (read, write, execute) along with three permission groups (owner, group, all other users). To change file permission on a file you use the chmod command. In the chmod command there are three spots for owner, group, and all others to have their file permissions added. The placement in the chmod command is important the 1<sup>st<\/sup> spot is for the owner, the second for the group, and the third for other users on our system, commonly referred to as global. The command looks something like this.\r\n\r\n$ chmod [owner][group][global] file\r\n\r\nNow what do we put in the spaces in the brackets to denote what permissions? Permissions types are given a number ,4 for read, 2 for write, and 1 for execute. The file permissions are a TOTAL of all the permissions that we would like that object to have. For example if I want to give owner full access and everyone in the group read and write access and everyone else read access I would enter the following:\r\n\r\nread (4) + write(2)+ execute(1) = Full (7)\r\n\r\nread(4) + write(2) = rw (6)\r\n\r\nread (4) = 4\r\n\r\n$ chmod 764 testfile\r\n\r\nFor our case here we don\u2019t have to worry too much about this, we just have to prevent everyone except for us from accessing it. Nevertheless this is an important part of Linux systems and will come up later so if you are having a hard time understanding I suggest you do some further research on the topic. There are good options here(http:\/\/www.linux.com\/learn\/tutorials\/309527-understanding-linux-file-permissions), here (<a href=\"http:\/\/www.linux.org\/threads\/file-permissions-chmod.4094\/\">http:\/\/www.linux.org\/threads\/file-permissions-chmod.4094\/<\/a>), and here (https:\/\/drive.google.com\/a\/vt.edu\/file\/d\/0B5-nkXLXc6rxOWdYVWIyakNUbGc\/view). Back to our private key we have to change our file permission to owner and only owner. So in the owner spot we will put 6 for read + write, in the group and everyone else spot we will put 0 for no access at all.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.3.png\"><img class=\" size-full wp-image-681 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.3.png\" alt=\"bandit 18.3\" width=\"484\" height=\"22\" \/><\/a>Okay looks good let's try and connect again and what happens.\r\n\r\n<a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png\"><img class=\" size-full wp-image-682 aligncenter\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.4.png\" alt=\"bandit 18.4\" width=\"700\" height=\"582\" \/><\/a>\r\n\r\nSuccess! Now after all that, what were we even supposed to be doing?\r\n\r\nAh yes there are two file that has a lot of text that look like passwords and the only difference between the two is the actual password. The command diff is exactly what we need in this situation. The diff command compares 2 files and outputs the difference in them, similar to the sort and uniq that we used a few lessons ago. Let's see what the command outputs.\r\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png\"><img class=\"alignnone size-full wp-image-683\" src=\"https:\/\/www.hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.5.png\" alt=\"bandit 18.5\" width=\"454\" height=\"121\" \/><\/a><\/p>\r\n<p style=\"text-align: left;\">Hmm looks like two passwords. One for this level (instead of having to use that private key again) and one for the next!<\/p>\r\n<strong>Conclusion<\/strong>\r\n\r\nWe learned a lot in this lesson. Ssh\u00ading using private keys, Linux file permissions, and the diff command. If you don't feel very comfortable using Linux file permission I suggest you take some time and thoroughly research it. It will be very important in a few lessons.\r\n\r\n&nbsp;","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[44],"tags":[43,45,46],"class_list":["post-678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-overthewire","tag-bandit","tag-overthewire","tag-tutorials"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/hackmethod.com\/wp-content\/uploads\/2015\/02\/bandit-18.1.png?fit=548%2C462&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-aW","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=678"}],"version-history":[{"count":5,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/678\/revisions"}],"predecessor-version":[{"id":27552,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/678\/revisions\/27552"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media\/679"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}