Exploring OverTheWire: Level 16 to Level 17 - Bandit Challenge

📆 · ⏳ 3 min read · ·

Introduction

As we continue our ascent in the Bandit Challenge, Level 17 ↗️ introduces a dynamic challenge. This time, we’re required to submit the password of the current level to a port within a specific range on localhost.

By leveraging our knowledge of port scanning, network exploration, and employing tools like nmap, nc, and openssl, we’ll identify the correct port, establish a connection, and retrieve the next set of credentials.

Challenge Overview

💡

Level 17 challenges us to submit the password of the current level to a port within the range of 31000 to 32000 on localhost. Our task is to identify the correct port that hosts a server listening for our input. Once we identify the correct port, we must establish a connection and retrieve the next set of credentials.

Through careful port scanning and exploration, we’ll complete this challenge and access the coveted credentials.

Approach and Strategy

Follow these steps to successfully solve Level 17

Terminal window
ssh [email protected] -p 2220

Enter the password you obtained from the previous level.

Next, we’ll use nmap to scan ports within the specified range for active servers and use the --script ssl-cert option to identify the port with a server listening for SSL connections.

The -T5 option sets the timing template to 5, which is the most aggressive timing template.

Terminal window
nmap -p 31000-32000 --script ssl-cert -T5 localhost

This command will scan ports within the specified range to identify active servers.

Examine the results of the port scan to identify the port with a server listening.

For the identified port, use openssl and s_client like we did in previous level to establish a secure connection and retrieve the next set of credentials.

Terminal window
echo {current_level_password} | openssl s_client -connect localhost:{identified_port} -ign_eof

Replace {current_level_password} with the password you obtained from the current level and {identified_port} with the port you identified in the step before.

The -ign_eof flag ensures that the connection isn’t terminated prematurely.

The output of the command will display the a private key file instead of a password this time, take a note of it and save it to a file.

Notes

  • Port scanning helps identify active servers within a specified range.
  • Use the -p option with nmap to specify the range of ports to scan.
  • Use the --script ssl-cert option with nmap to identify the port with a server listening for SSL connections.
  • The -T5 option sets the timing template to 5, which is the most aggressive timing template.
  • After identifying the port, use openssl and s_client to establish a secure connection.
  • The -ign_eof flag prevents the connection from being closed prematurely.

Conclusion

Congratulations on successfully completing Level 17 of the Bandit Challenge! By scanning ports, identifying the correct port with a server, and establishing a secure connection using openssl and s_client, we gained access to the next set of credentials.

Stay tuned for the next blog post, where we’ll tackle Level 18 and continue our quest to become skilled cybersecurity practitioners.

You may also like

  • Exploring OverTheWire: Level 20 to Level 21 - Bandit Challenge

    Welcome back to our captivating journey through the Bandit Challenge! In this blog post, we're geared up to conquer Level 21, where a setuid binary introduces a novel challenge involving network connections. Join me as we delve into the mechanics of connecting to localhost, reading text, and successfully obtaining the password to proceed. Let's dive in!

  • Exploring OverTheWire: Level 19 to Level 20 - Bandit Challenge

    Welcome back to our thrilling journey through the Bandit Challenge! In this blog post, we're poised to conquer Level 20, where we encounter a setuid binary that holds the key to our progress. Join me as we explore the concept of setuid binaries, learn how to execute them, and successfully uncover the password to continue our journey. Let's dive in!

  • Exploring OverTheWire: Level 18 to Level 19 - Bandit Challenge

    Welcome back to our riveting journey through the Bandit Challenge! In this blog post, we're set to conquer Level 19, where a password is concealed within a file. However, a clever twist awaits us—someone has tampered with the system to log us out during SSH login. Join me as we navigate through this challenge using commands like ssh, ls, and cat, all while devising strategies to overcome the unexpected hurdle. Let's dive in!