What is it? @.@

This is where I record some tactics about wargames, systems, and other security issues.

2014-01-23

OverTheWire - Bandit - Level 15 to Level 16

Description:

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting "HEARTBEATING" and "Read R BLOCK"? Use -quiet and read the "CONNECTED COMMANDS" section in the manpage. Next to 'R' and 'Q', the 'B' command also works in this version of that command...

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

Secure Socket Layer/Transport Layer Security on Wikipedia
Testing SSL with commandline tools

Solution:

  [Comment] Using SSH to connect to the server
  sp@simple-plan:~|=> ssh bandit15@bandit.labs.overthewire.org
    ...
    bandit15@bandit.labs.overthewire.org's password: BfMYroe26WYalil77FoDi9qh59eK5xNr

  [Comment] Using openssl's s_client command to establish the encrypted communication. -quiet stops s_client from interpreting the leading 'B' of the password as a connected command (see the helpful note above).
  bandit15@melinda:~$ echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -quiet -connect localhost:30001
    depth=0 CN = localhost
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 CN = localhost
    verify return:1
    Correct!
    cluFn7wTiGryunymYOu4RcffSxQluehd

    read:errno=0

  [Comment] Using the exit command to disconnect from the server
  bandit15@melinda:~$ exit
    logout
    Connection to bandit.labs.overthewire.org closed.

  [Comment] It's done! Saving the password for the next level.
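
The s_client run above prints "verify error:num=18:self signed certificate" and carries on anyway. As an added example (not part of the original walkthrough), here is the same one-line submission in Python with a certificate pin in place of the failed chain check; the function names and the pinned fingerprint parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Constant-time compare against a pinned fingerprint (colons and case ignored)."""
    want = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), want)


def submit_line(host: str, port: int, line: str, pinned_hex: str,
                timeout: float = 5.0) -> str:
    """Send one line over TLS and return the reply; refuse an unpinned certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation cannot succeed for a self-signed certificate, so it is
    # switched off here and replaced by the fingerprint check below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if der is None or not pin_matches(der, pinned_hex):
                raise ssl.SSLError("certificate does not match the pinned fingerprint")
            # Nothing secret is written until the pin check has passed.
            tls.sendall(line.encode() + b"\n")
            chunks = []
            try:
                while chunk := tls.recv(4096):
                    chunks.append(chunk)
            except socket.timeout:
                pass  # server kept the connection open; return what arrived
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate (not a real one).
    sample = b"constructed bytes standing in for a DER certificate"
    print(pin_matches(sample, fingerprint(sample)))
```

The pinned value can be taken once from a trusted copy of the certificate with `openssl x509 -noout -fingerprint -sha256`.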

3 comments:

  1. I can't figure out why "Getting "HEARTBEATING" and "Read R BLOCK"?" is a helpful note

    Replies
    1. If you don't "-quiet" your command you get "HEARTBEATING" and your connection is closed.
