Login

  • ssh : ssh bandit15@bandit.labs.overthewire.org -p 2220
  • password : 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo

Task :

  • The password for the next level can be retrieved by submitting the current level's password to localhost on port 30001 using SSL encryption.

Theory

  • SSL : Secure Sockets Layer, a security protocol that establishes an encrypted link between a web server and a browser, ensuring that all data passed between them remains private.
  • OpenSSL : the command-line tool for using the OpenSSL cryptography library. It supports many sub-commands for encryption, certificates, SSL/TLS, etc.
  • s_client : a subcommand of openssl that acts as a generic SSL/TLS client. It allows you to connect to a server to test and inspect its SSL/TLS configuration.
  • -connect <server>:<port> : specifies the hostname (or IP) and port of the server to connect to. The format is host:port. For example, -connect google.com:443 will attempt to initiate an SSL/TLS handshake with Google’s HTTPS server.

Solution

  • First I got the current level's password; if you did not save it somewhere, you can always find it in /etc/bandit_pass/bandit15.
  • Then I used the following command:
openssl s_client -connect localhost:30001
  • After getting a response, submit the password to solve the level.
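
A non-interactive version of the submit step, as an added example that is not part of the original write-up: it reads the password from a file and pipes it to openssl s_client instead of pasting it. The function name submit_over_tls, the optional CA-file argument and the 10-second limit are assumptions made for illustration; timeout is the GNU coreutils tool.

```sh
#!/bin/sh
# Added example (not from the original write-up): non-interactive TLS submit.
# Usage: submit_over_tls HOST PORT SECRET_FILE [CA_FILE]
# For this level: submit_over_tls localhost 30001 /etc/bandit_pass/bandit15
# Prints the server's reply on stdout; returns non-zero on any failure.
submit_over_tls() {
    host=$1; port=$2; secret_file=$3; ca_file=${4:-}

    # Read the secret from a file so it never appears in argv or shell history.
    [ -r "$secret_file" ] || { echo "cannot read $secret_file" >&2; return 2; }
    secret=
    IFS= read -r secret < "$secret_file" || :
    [ -n "$secret" ] || { echo "$secret_file has no first line" >&2; return 3; }

    # By default s_client carries on even when certificate verification fails.
    # If a CA file is supplied, -verify_return_error aborts the handshake instead.
    set -- -connect "$host:$port" -quiet
    if [ -n "$ca_file" ]; then
        set -- "$@" -CAfile "$ca_file" -verify_return_error
    fi

    # -quiet hides the session dump and implies -ign_eof, so the line is sent
    # as data even if it begins with R or Q (interactive s_client commands).
    # With -ign_eof the client waits for the server to close the connection;
    # timeout bounds that wait.
    printf '%s\n' "$secret" | timeout 10 openssl s_client "$@"
}
```

Without the fourth argument the server certificate is not enforced, which matches the plain s_client command used above; pass a CA file when the peer's identity matters.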