Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
Solution
Password: BfMYroe26WYalil77FoDi9qh59eK5xNr
    $ ssh [email protected] -p 2220
Now we have to connect to a port using SSL encryption. This requires openssl and utilising the s_client. Let’s give it a go.
    [email protected]:~$ openssl s_client -connect localhost:30001
    CONNECTED(00000003)
    depth=0 CN = bandit
    ...
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
    ---
    BfMYroe26WYalil77FoDi9qh59eK5xNr
    HEARTBEATING
    read R BLOCK
Wut.
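It’s okay. We got a note about that: the password starts with a B, and s_client reads a B at the start of a line as one of its connected commands instead of sending it. Let’s try again with -ign_eof, which turns those commands off. We’ll pass -quiet, which implies -ign_eof and also removes some of the extra bullshit we don’t care about.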
    $ openssl s_client -connect localhost:30001 -quiet
    depth=0 CN = bandit
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 CN = bandit
    verify return:1
    BfMYroe26WYalil77FoDi9qh59eK5xNr
    Correct!
    cluFn7wTiGryunymYOu4RcffSxQluehd
Bingo.
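The same submission without s_client, as an added example that is not part of the original write-up: a plain TLS client sends every byte as data, so a leading B, R or Q is never read as a command. The function names, the 10-second timeout and the assumption that the service closes or goes quiet after replying are mine.

```python
import socket
import ssl


def lab_context() -> ssl.SSLContext:
    """TLS client context for the self-signed lab service (verify code 18).

    Verification is switched off on purpose: the certificate is self-signed
    and the connection never leaves localhost. Not for real services.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def send_line(sock, line: str, bufsize: int = 4096) -> str:
    """Send one newline-terminated line, return all the peer writes back."""
    sock.sendall(line.encode() + b"\n")
    chunks = []
    while True:
        try:
            data = sock.recv(bufsize)
        except (ssl.SSLEOFError, ConnectionResetError, socket.timeout):
            break                     # peer dropped or went quiet
        if not data:                  # orderly close from the peer
            break
        chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def submit(password: str, host: str = "localhost", port: int = 30001) -> str:
    """Open the TLS connection, submit the password, return the reply."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with lab_context().wrap_socket(raw, server_hostname=host) as tls:
            return send_line(tls, password)


if __name__ == "__main__":
    import getpass
    # Prompt instead of hard-coding, so the password stays out of shell history.
    print(submit(getpass.getpass("current level password: ")))
```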