Bandit: Level 15 - Level 16

Level 15

Username: bandit15
Password: 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo

Task:

https://overthewire.org/wargames/bandit/bandit16.html

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL/TLS encryption.

Helpful note: Getting “DONE”, “RENEGOTIATING” or “KEYUPDATE”? Read the “CONNECTED COMMANDS” section in the manpage.

Commands you may need to solve this level
ssh, telnet, nc, ncat, socat, openssl, s_client, nmap, netstat, ss

Start

Let’s begin by connecting to the server bandit.labs.overthewire.org and logging in with user bandit15 on port 2220.

We have several commands available for this task:

ssh (1)              - OpenSSH remote login client
telnet (1)           - user interface to the TELNET protocol
nc (1)               - arbitrary TCP and UDP connections and listens
openssl (1ssl)       - OpenSSL command line program
s_client (1ssl)      - OpenSSL application commands
nmap (1)             - Network exploration tool and security / port scanner

Solve the level

This level is the encrypted variant of the previous task. The openssl command looks like the right tool here, so let's check its manual.

OPENSSL(1SSL)                                                                       OpenSSL                                                                      OPENSSL(1SSL)

NAME
       openssl - OpenSSL command line program

SYNOPSIS
       openssl command [ options ... ] [ parameters ... ]

       openssl no-XXX [ options ]


 s_client
           This  implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only
           and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library.

openssl is a very “big” command; there is a lot more to do with it later.

Okay, so we can use openssl in combination with s_client.

Let's check the help output of s_client:

bandit15@bandit:~$ openssl s_client -help
Usage: s_client [options] [host:port]

General options:
 -help                      Display this summary
 -engine val                Use engine, possibly a hardware device
 -ssl_client_engine val     Specify engine to be used for client certificate operations
 -ssl_config val            Use specified section for SSL_CTX configuration
 -ct                        Request and parse SCTs (also enables OCSP stapling)
 -noct                      Do not request or parse SCTs (default)
 -ctlogfile infile          CT log list CONF file

Network options:
 -host val                  Use -connect instead
 -port +int                 Use -connect instead
 -connect val               TCP/IP where to connect; default: 4433)

It seems we can build an encrypted connection via -connect:

bandit15@bandit:~$ openssl s_client -connect localhost:30001
CONNECTED(00000003)

    Start Time: 1725351598
    Timeout   : 7200 (sec)
    Verify return code: 18 (self-signed certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo
Correct!
kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx

Perfect, that worked! We have our password.

Password: kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx

Explanation:

Using OpenSSL’s s_client for SSL/TLS Connections

OpenSSL is a powerful toolkit for working with SSL/TLS protocols, and s_client is a useful command within OpenSSL for testing and debugging SSL/TLS connections. Here’s a basic overview of what s_client does and how to use it.

What is s_client?

openssl s_client is a command-line tool that allows you to connect to a remote server using SSL/TLS and test the server’s certificate and connection. It’s primarily used to:

  • Verify SSL/TLS Certificates: Check if a server’s SSL/TLS certificate is valid.
  • Debug Connections: Inspect the details of the SSL/TLS handshake and connection.
  • View Certificates: Display information about the server’s SSL/TLS certificate.

How to Use s_client

To use s_client, you need to specify the remote server and port you want to connect to. Here’s the basic syntax:

openssl s_client -connect [host]:[port]
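
The session above printed "Verify return code: 18 (self-signed certificate)" and still connected, because s_client by default continues after a verification error, and the task's note about “DONE”, “RENEGOTIATING” and “KEYUPDATE” refers to letters that interactive s_client treats as commands. The shell functions below are an added example, not part of the original post or of OpenSSL, that check for both; the function names and the sample transcript are constructed, and the letters Q, R, k and K are the ones listed in the CONNECTED COMMANDS section of the manpage.

```shell
#!/bin/sh
# Added example: helper names and the sample transcript are constructed.

# True if a line typed into interactive s_client would be taken as a
# connected command (Q, R, k or K at line start) instead of being sent.
is_connected_command() {
    case "$1" in
        Q*|R*|k*|K*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read an s_client transcript on stdin and print the distinct verify codes.
# TLS 1.3 repeats the line for each session ticket, so every copy is checked.
# Returns 0 only if all are 0 (ok), 1 on any error code, 2 if no line found.
verify_ok() {
    codes=$(sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' |
        sort -u | tr '\n' ' ')
    codes=${codes% }
    [ -n "$codes" ] || { echo "none"; return 2; }
    echo "$codes"
    [ "$codes" = "0" ]
}

# Send one line without a terminal session. -quiet implies -ign_eof, which
# switches connected commands off. Extra options pass through, for example
# -verify_return_error to abort the handshake on a certificate error.
tls_submit() { # usage: tls_submit host:port line [s_client options]
    target=$1; line=$2; shift 2
    printf '%s\n' "$line" | openssl s_client -connect "$target" -quiet "$@"
}

# Constructed transcript modelled on the output shown in the post.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
    Verify return code: 18 (self-signed certificate)
---
    Start Time: 1725351598
    Verify return code: 18 (self-signed certificate)
---
read R BLOCK
EOF
}

# Demo on the constructed data only; no network connection is made here.
sample_transcript | verify_ok >/dev/null || echo "certificate NOT verified"
is_connected_command "kExample" && echo "'kExample' would trigger KEYUPDATE"
```

With -quiet the session summary is not printed, so verify_ok is meant for a saved transcript of a run without -quiet, while tls_submit is the scripted way to send the line.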
This post is licensed under CC BY 4.0 by the author.