Bandit Level 15 → 16
Bandit Level 15 → 16
Login : ssh bandit15@bandit.labs.overthewire.org -p 2220
Password : 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
Task
Send the current password for bandit15 to a service listening on localhost:30001.
This time, the service requires an SSL/TLS connection. If the password is correct, the server will return the next password.
Quick theory
openssl s_client -connect host:port lets us establish an SSL/TLS connection to a given service.
Adding -quiet suppresses certificate and debug output, making it easier to see just the server response.
We can provide the password directly using input redirection <<< "password" or piping echo "password" | openssl ....
bandit15@bandit:~$ openssl s_client -connect localhost:30001 -quiet <<< "8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo"
Can't use SSL_get_servername
depth=0 CN = SnakeOil
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = SnakeOil
verify return:1
Correct!
kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
<!-- truncate -->
