All levels

Bandit · Level 16

Level 16

Login

SSH: ssh [email protected] -p 2220

Challenge URL: https://overthewire.org/wargames/bandit/bandit17.html

Task

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL/TLS and which do not. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Solution

Run nmap to see the services on the ports. Use the version argument and specify the port numbers:

nmap -sV -p 31000-32000

There are 2 ports that are running the SSL service. One of them returns whatever is sent to it and the other is the correct port (the one which we require).

Port 31790 is the correct port. Now to connect to it, we could use openssl s_client like the previous level, but it didn't seem to work.

Therefore, we can use ncat with the --ssl flag and connect to the port and submit the current level's password:

bandit16@bandit:~$ ncat --ssl localhost 31790