Login
- ssh :
ssh bandit16@bandit.labs.overthewire.org -p 2220
- password :
kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
Task :
- You can connect to the next level by submitting the current level's password to a random port on localhost, between 31000 and 32000, that uses SSL.
Theory
nmap is a network scanner. It can do host discovery, port scanning, version detection (service detection) and a lot more. For this task, we use the -p flag, which lets us choose which ports to scan. By default, nmap scans the top 1000 ports (not the first 1000 ports). Use -p- to scan all 65535 ports. The -sV flag lets us do a service/version detection scan. The -A flag turns on nmap's aggressive set of scans (OS detection, version detection, script scanning and traceroute); this will take a while, though. A full scan would have the following command: nmap -p- -A <host>, where <host> could be either an IP address or a hostname.
Solution
- I used nmap to search for the right port :
nmap -sV localhost -p 31000-32000
and this will be displayed :
PORT STATE SERVICE VERSION
31046/tcp open echo
31518/tcp open ssl/echo
31691/tcp open echo
31790/tcp open ssl/unknown
31960/tcp open echo
I noticed that we found 2 ports that use SSL: one just echoes, which means it's not the right one, and the other is unknown.
I used the following command to connect to localhost:
ncat localhost --ssl 31790
I got a private key. First I had to create a file with mktemp -d. It would be created with a random name in the /tmp directory. I moved there, created a file with the name sshkey.private and copied the key into it.
Then I connected to the next level with the following command:
ssh -i sshkey.private bandit17@bandit.labs.overthewire.org -p 2220
- As always, you can find the password of the current level in the directory
/etc/bandit_pass/banditXX
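
What the SERVICE column of the nmap -sV output above distinguishes, as an added example (not code from the original write-up): a Python probe that classifies each open port as plain or TLS and as echoing or not, so the one TLS port that does not echo stands out. The probe string, function names and result labels are assumptions made for this example, and certificate verification is off because the lab services are assumed to use self-signed certificates.

```python
import socket
import ssl

PROBE = b"bandit-probe\n"  # constructed marker; an echo service sends it straight back


def _echoes(sock):
    """Send PROBE and report whether the peer returns exactly the same bytes."""
    data = b""
    try:
        sock.sendall(PROBE)
        while len(data) < len(PROBE):
            chunk = sock.recv(1024)
            if not chunk:
                break
            data += chunk
    except OSError:  # timeout or reset: treat as "did not echo"
        pass
    return data == PROBE


def classify(host, port, timeout=2.0):
    """Return 'closed', 'echo', 'other', 'ssl/echo' or 'ssl/other' for one TCP port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # assumption: self-signed lab certificates,
    ctx.verify_mode = ssl.CERT_NONE  # so verification is disabled for this probe only
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ssl/echo" if _echoes(tls) else "ssl/other"
    except OSError:  # includes ssl.SSLError: handshake failed, so the port is plain TCP
        raw.close()
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            return "echo" if _echoes(plain) else "other"
    except OSError:
        return "closed"


def scan(host, ports, timeout=2.0):
    """Classify every port in `ports` and keep only the open ones."""
    return {p: k for p in ports if (k := classify(host, p, timeout)) != "closed"}


if __name__ == "__main__":
    for port, kind in scan("localhost", range(31000, 32001)).items():
        print(f"{port}/tcp open {kind}")  # 'ssl/other' plays the role of nmap's ssl/unknown
```
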