Bandit Level 15 → Level 16

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -quiet and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap


From the openssl man page, the s_client command implement a generic SSL/TLS client. However, to find out the options for s_client, we need to type a incorrect option in the openssl command prompt to get a list of options and usage for s_client. e.g.

OpenSSL> s_client help

-connect host:port seems to be what we need to connect to the server. Lastly, the helpful note as us to use -quiet and read the “CONNECTED COMMANDS” section in the manpage. However, I can’t find this section at all. The -quiet option is for no s_client output but that all I got from the usage page. Again, we pass the password file to the correct host and port and return the next password.

openssl s_client -connect localhost:30001 -quiet < /etc/bandit_pass/bandit15
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s