The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
ssh, telnet, nc, openssl, s_client, nmap
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 > whatis ssh ssh (1) - OpenSSH remote login client > whatis telnet telnet (1) - user interface to the TELNET protocol > whatis nc nc (1) - TCP/IP swiss army knife > whatis openssl openssl (1ssl) - OpenSSL command line tool > whatis s_client s_client (1ssl) - SSL/TLS client program > whatis nmap nmap (1) - Network exploration tool and security/ port scanner
Note: Not all commands are required to complete the level
From the question, we know that there is a service that is running on port 30,000. We can try to connect to the service using Netcat
(For the syntax of netcat and additional usage refer to the attached resources)
nc is an alias for
netcat and can be used interchangeably
1 2 3 bandit14@bandit:~$ netcat localhost 30000 Password Wrong! Please enter the correct current password
When we enter a random value we see that we get a message saying the password is incorrect
We know that the current level password is stored in
/etc/band_pass/bandit14 we can try to provide that as a value to the service and see if we get the password for the next level
1 2 3 4 5 6 7 bandit14@bandit:~$ cat /etc/bandit_pass/bandit14 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e bandit14@bandit:~$ netcat localhost 30000 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e Correct! BfMYroe26WYalil77FoDi9qh59eK5xNr
We have found the password for the next level !!!
Logout of the current session and login into the next level using the bandit15 password
1 2 3 4 5 > ssh email@example.com -p 2220 This is a OverTheWire game server. More information on http://www.overthewire.org/wargames firstname.lastname@example.org's password: BfMYroe26WYalil77FoDi9qh59eK5xNr