Bandit Walkthrough – Level 15
Level Description
http://www.overthewire.org/wargames/bandit/bandit16.shtml
This level teaches you how to send information to a specific port on a device securely using SSL.
Hint
The password for bandit15 is located in the same place bandit14’s password was: /etc/bandit_pass/ – you will need to read the password from there and pass it to port 30001 on localhost. This process is pretty similar to level 14, only it uses the openssl command. You may hit a slight bump where you expect to have the next password returned to you, but end up only seeing “HEARTBEATING” or “read R BLOCK”. If you run into this, make sure to look back at the OTW page for their hint (or just look at the spoilers below).
Hey buddy – correction:
[$]-> cat /etc/bandit_pass/bandit15 | openssl s_client -connect localhost:30001 -quiet
Good catch! Thanks!
So, from what I have tried, if you simply copy and paste the bandit15 password, while using the command
openssl s_client -connect localhost:30001
You will not only receive a lot of information you don’t need (certificate and session information), but you will be able to then paste the password and get the result you need. If you use the command
cat /etc/bandit_pass/bandit15 | openssl s_client -connect localhost:30001
for some reason you won’t receive a message with the next password. However, by tacking on -ign_eof, you will still receive the certificate and session information, but you will also receive the password you need. -ign_eof is implicitly turned on by using -quiet. -quiet merely removes all the certificate and session information, so the real question here is why -ign_eof is needed when piping.
Let me know if you have any idea.
We don’t have access to the password with #cat /etc/bandit_pass/bandit15 so we can’t pipe, as far as I can get it to work. Copy paste seems like the only solution.
The -quiet is an s_client argument, and it means that you get no s_client output.