Post

OverTheWire: Bandit Level 14 → Level 15

OverTheWire - Bandit

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
> whatis ssh  
ssh (1)              - OpenSSH remote login client  

> whatis telnet  
telnet (1)           - user interface to the TELNET protocol  

> whatis nc      
nc (1)               - TCP/IP swiss army knife  

> whatis openssl  
openssl (1ssl)       - OpenSSL command line tool  

> whatis s_client  
s_client (1ssl)      - SSL/TLS client program  

> whatis nmap      
nmap (1)             - Network exploration tool and security/ port scanner

Note: Not all commands are required to complete the level

Helpful Reading Material

IP address - Wikipedia

Ports - How Web Servers Work | HowStuffWorks

Port (computer networking) - Wikipedia

Netcat (nc) Command with Examples | Linuxize

8 Netcat (nc) Command with Examples

Solution

From the question, we know that there is a service that is running on port 30,000. We can try to connect to the service using Netcat

(For the syntax of netcat and additional usage refer to the attached resources)

Note: nc is an alias for netcat and can be used interchangeably

1
2
3
bandit14@bandit:~$ netcat localhost 30000  
Password  
Wrong! Please enter the correct current password

When we enter a random value we see that we get a message saying the password is incorrect

We know that the current level password is stored in /etc/band_pass/bandit14 we can try to provide that as a value to the service and see if we get the password for the next level

1
2
3
4
5
6
7
bandit14@bandit:~$ cat /etc/bandit_pass/bandit14  
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e

bandit14@bandit:~$ netcat localhost 30000  
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e  
Correct!  
BfMYroe26WYalil77FoDi9qh59eK5xNr

We have found the password for the next level !!!

Logout of the current session and login into the next level using the bandit15 password

1
2
3
4
5
> ssh bandit15@bandit.labs.overthewire.org -p 2220

This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

bandit15@bandit.labs.overthewire.org's password: BfMYroe26WYalil77FoDi9qh59eK5xNr
This post is licensed under CC BY 4.0 by the author.