OverTheWire: Bandit Level 16
In the last post, we gained access to bandit15. Now, let’s find the password for bandit16.
Level 16
Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
Commands you may need to solve this level
ssh, telnet, nc, openssl, s_client, nmap
To get the password for bandit16, we need to use SSL encryption to connect to localhost on port 30001.
This is similar to the previous level, but instead of using the netcat command, we need to use the openssl and s_client commands. Read about openssl and s_client.
openssl Syntax
$ openssl s_client -connect host:portThis syntax helps us establish a connection to a server that is also using either SSL or TLS protocol.
In our case, we need to connect to localhost on port 30001.
bandit15@bandit:~$ openssl s_client -connect localhost:30001
CONNECTED(00000003)
.
.
.
. // Information about SSL, TLS and the remote server
.
.
.Start Time: 1606914068
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
And now we can enter the password for the current level, bandit15.
bandit15@bandit:~$ openssl s_client -connect localhost:30001
CONNECTED(00000003)
.
.
.
. // Information about SSL, TLS and the remote server
.
.
.Start Time: 1606914068
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehdclosed
And we get the password for bandit16, cluFn7wTiGryunymYOu4RcffSxQluehd.
