OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 16-18 LEVELS

This article is the continuation of the Over The Wire Bandit walkthrough. In case,you haven’t seen my last article it is here OVERTHEWIRE: Bandit walkthough 12-15.

So let’s begin with the further levels.

LEVEL 16-17:

Login with the bandit16 user with the password.

The hint of this level says

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

What we need to do here is to scan the localhost with ports between 31000 and 32000 and see which one of those truly contains the password.

Scanning tool will be nmap and the command is below:

nmap localhost -p 31000-32000

This gave me a list of ports amd I manually made connections to each using openssl like we did in previous level, level 16. I am showing the output of the correct port only which is 31790.

When I submit the password to this level, It gave me the private key to another level.

LEVEL 17-18:

Login with the above ssh private key to the bandit17 level.

Below, you will see the connection failure due to permission that I haven’t given to the script file which actually contains the private key we found above. If you’ve gone through my previous article, I have talked about chmod 400 for the keys. If you haven’t read it, the link is here:

OVERTHEWIRE:BANDIT WALKTHROUGH SERIES 12-15 LEVELS.

The hint for this level says:

There are 2 files in the homedirectory: passwords.old and passwords.new. The password for the next level is in passwords.new and is the only line that has been changed between passwords.old and passwords.new

NOTE: if you have solved this level and see ‘Byebye!’ when trying to log into bandit18, this is related to the next level, bandit19

With the help of diff command, we can find that the command I have used is shown in the image below.

The password is the first one since we used first file as passwords.new

I will be continuing this series for further solutions.

Ciao!

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: