The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
ssh, telnet, nc, openssl, s_client, nmap
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 > whatis ssh ssh (1) - OpenSSH remote login client > whatis telnet telnet (1) - user interface to the TELNET protocol > whatis nc nc (1) - TCP/IP swiss army knife > whatis openssl openssl (1ssl) - OpenSSL command line tool > whatis s_client s_client (1ssl) - SSL/TLS client program > whatis nmap nmap (1) - Network exploration tool and security/ port scanner
Note: Not all commands are required to complete the level
We know that we have to connect to a service on port 30,001 using SSL encryption. The simplest way to achieve this is using the
openssl command along with
s_client which allows us to connect to services on our machine using SSL.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 bandit15@bandit:~$ openssl s_client -connect localhost:30001 CONNECTED(00000003) depth=0 CN = localhost verify error:num=18:self signed certificate verify return:1 depth=0 CN = localhost verify return:1 --- Certificate chain 0 s:/CN=localhost i:/CN=localhost --- . . .Start Time: 1615101060 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) Extended master secret: yes --- Password Wrong! Please enter the correct current password closed
When we provide the password as “Password” as get an error saying the provided the wrong password
Let’s provide the correct password and see if we get the password for the next level. The password for the current level can be found at
1 2 3 4 5 6 7 bandit15@bandit:~$ cat /etc/bandit_pass/bandit15 BfMYroe26WYalil77FoDi9qh59eK5xNr bandit15@bandit:~$ openssl s_client -connect localhost:30001 BfMYroe26WYalil77FoDi9qh59eK5xNr Correct! cluFn7wTiGryunymYOu4RcffSxQluehd
We have found the password for the next level !!!
Note: We can achieve the same result using the
ncat command which is an advanced version of
netcat that is developed by the creators of Nmap. If using ncat make use of the same command as the previous level and add the
Logout of the current session and start the next level using the bandit16 password
1 2 3 4 5 > ssh firstname.lastname@example.org -p 2220 This is a OverTheWire game server. More information on http://www.overthewire.org/wargames email@example.com's password: cluFn7wTiGryunymYOu4RcffSxQluehd