[Bandit-OverTheWire] Level 15 -> Level 16

두비니

·

2020. 9. 22. 16:28

 

 

Bandit Level 15 → Level 16

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

 

 

 

접속

접속 : ssh bandit15@bandit.labs.overthewire.org -p2220
pw : BfMYroe26WYalil77FoDi9qh59eK5xNr

 

문제 읽어보면 level15 패스워드를 포트 30001 localhost로 제출하되 ssl 암호화를 진행하라고하네요.

접속방법을 nc랑 ssh밖에 몰라서 좀 찾아봤는데, openssl이라는 명령어가 있네요.

 

참고 : www.lesstif.com/software-architect/openssl-command-tip-7635159.html

 

OpenSSL 자주 쓰는 명령어(command) 및 사용법, tip 정리

-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,9BF3ACA724D1187B19BDDB1585687E8A

www.lesstif.com

 

 

bandit15@bandit:~$ openssl s_client -connect localhost:30001
CONNECTED(00000003)
depth=0 CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = localhost
verify return:1
---
...(생략)

 

뭐가 열심히 막 뜨는데

 

BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd

closed
bandit15@bandit:~$ 

 

짜잔