Over The Wire

Bandit

Host: bandit.labs.overthewire.org

Port: 2220

Level 20

ssh bandit20@bandit.labs.overthewire.org -p 2220
password: VxCazJaVykI6W36BkBU0mJTCM8rR95XT

Objective:

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: Try connecting to your own network daemon to see if it works as you think.

To create a one-time server, send one message then disconnect, we use "|" and echo. Netcat will create a connection in server mode that listens for an inbound connecter.

  • -l means listening
  • -n prevents newline charactor
  • & to run in background

CLI:

bandit20@bandit:~$ echo -n 'VxCazJaVykI6W36BkBU0mJTCM8rR95XT' | nc -l -p 1234 &[1] 1356183

bandit20@bandit:~$ ./suconnect 1234
Could not connect ...
[1]+ Done
echo -n 'VxCazJaVykI6W36BkBU0mJTCM8rR95XT' | nc -l -p 1234

bandit20@bandit:~$ echo -n 'VxCazJaVykI6W36BkBU0mJTCM8rR95XT' | nc -l -p 1234 & [1] 1357707

bandit20@bandit:~$ ./suconnect 1234
Read: VxCazJaVykI6W36BkBU0mJTCM8rR95XT
Password matches, sending next password
NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
bandit20@bandit:~$

Bandit