Skip to main content

Bandit Level 15 → 16

Shubham
Cybersecurity Enthusiast

Bandit Level 15 → 16

Login : ssh bandit15@bandit.labs.overthewire.org -p 2220

Password : 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo

Task

Send the current password for bandit15 to a service listening on localhost:30001. This time, the service requires an SSL/TLS connection. If the password is correct, the server will return the next password.

Quick theory

openssl s_client -connect host:port lets us establish an SSL/TLS connection to a given service. Adding -quiet suppresses certificate and debug output, making it easier to see just the server response. We can provide the password directly using input redirection <<< "password" or piping echo "password" | openssl ....

bandit15@bandit:~$ openssl s_client -connect localhost:30001 -quiet <<< "8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo"

Can't use SSL_get_servername
depth=0 CN = SnakeOil
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = SnakeOil
verify return:1
Correct!
kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx

<!-- truncate -->