Bandit: 13 - 23
OverTheWire:
The next levels will test skills in file manipulation, data extraction, and various encoding schemes.
Level: 13
The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. Note: localhost is a hostname that refers to the machine you are working on.
Commands Used:
- ssh (Secure Shell, default port 22) - used to securely connect to a remote machine; provides encrypted communication between two untrusted hosts over an insecure network.
- sshkey.private (private SSH key) - used to authenticate your identity when connecting to a remote server over SSH.
Exposing private keys in public repositories or on shared systems is a security issue; keep private keys secure.
Once you obtain access, you will be able to find the password in the stored location: cat /etc/bandit_pass/bandit14
Level Password: MU4VWeTyJk8ROof1qqmcBPaLh7lDCPvS
Level: 14
The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.
Commands Used: nc (netcat) - network communication tool that allows users to read and write data across network connections using TCP or UDP.
- netcat can be used for port scanning, file transferring, network debugging, connecting systems together, and tunneling.
- netcat can listen for incoming connections, which can be used to receive commands on a backdoored device.
- netcat can monitor network traffic, detect anomalous activity, and transfer files to another system.
In this level, we established a connection to a service running on the local machine on port 30000.
Level Password: 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
Level: 15
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL/TLS encryption.
Note: ncat, like most other commands, interprets its arguments in a specific way and requires correct syntax. For example, we need to reach port 30001 on localhost, which ncat can do. However, the correct syntax places the port directly after the hostname, without the -p flag.
We could use openssl instead, but I will continue expanding on netcat.
Level Password: kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx
The command tells netcat to connect to localhost on port 30001 using SSL. Adding the -p argument would instead bind local port 30001 for the outgoing connection, which is not what is required in this context. Binding associates a socket with a specific port number on the local machine, which allows the socket to listen for incoming connections or send data from that port. Servers listen for incoming connections. A port must be reserved for the application so that other applications do not use it. Listeners are useful for data exchange, command execution, file transfer, service provision, and session management.
- Create Socket > Bind Socket > Listen
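The bind-versus-connect distinction above, as an added example that is not part of the original walkthrough: a local echo listener follows create > bind > listen, and a client connects once with a kernel-chosen source port and once with a bound source port, which is what -p does. The helper names are assumptions, and the listener uses a kernel-assigned port as a stand-in for 30001.

```python
import errno
import socket
import threading

HOST = "127.0.0.1"

def start_listener():
    """Server side of the text's sequence: create socket > bind > listen."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))  # port 0: kernel picks a free port (stand-in for 30001)
    srv.listen(5)
    return srv

def echo_once(srv, seen_ports):
    """Accept one client, record the source port it came from, echo its data."""
    conn, (_, src_port) = srv.accept()
    with conn:
        seen_ports.append(src_port)
        conn.sendall(conn.recv(1024))

def client(dest_port, source_port=None):
    """Connect to dest_port; bind the local port first only if asked (what -p does)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(5)
        if source_port is not None:
            c.bind((HOST, source_port))
        c.connect((HOST, dest_port))
        c.sendall(b"hello")  # constructed sample payload
        return c.recv(1024)

def free_port():  # a local port number that is unused right now
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def demo():
    srv = start_listener()
    service_port, seen, replies = srv.getsockname()[1], [], []
    for pick_source in (False, True):  # ephemeral source port, then a chosen one
        chosen = free_port() if pick_source else None
        t = threading.Thread(target=echo_once, args=(srv, seen), daemon=True)
        t.start()
        replies.append(client(service_port, chosen))
        t.join()
    try:  # source port == service port on the same host: the listener owns it
        client(service_port, source_port=service_port)
        collision = False
    except OSError as exc:
        collision = exc.errno == errno.EADDRINUSE
    srv.close()
    return service_port, chosen, seen, replies, collision
```

Calling `demo()` returns the service port, the chosen source port, the source ports the listener saw, the echoed replies, and whether binding the client to the service's own port was refused.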
Level: 16
The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL/TLS and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
- nmap (Network Mapper) - this is an open source tool often used for network and security auditing. This tool will help network administrators reveal hosts and services on various systems. The tool can be used both locally and remotely.
- arguments: -sV: service version detection; -T4: scan timing (0 is slowest, 5 is fastest); 127.0.0.1: localhost; -p: port specification.
Looking closely at the highlighted text, you will notice the wording ‘please enter the correct password’ associated with port 31790. This suggests it is the correct port.
RSA private keys are an important part of asymmetric cryptography; they can be used for decrypting data, digital signatures, authentication, secure key exchange, and code signing. This RSA key may be useful in the future, so we should save the file in the /tmp directory.