The last level was really fun, learning that a binary can be used to execute commands under a different user, will come in handy in the future. Moving forward this information, do bandit level 20 should be easier. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 19 write up, give it a quick read then head back over here.
This level, similarly to the last has a binary located in the bandit level 20 user directory. Using the binary I will be able to make a connection to localhost on a port I specify. Once connecting I can send the password for level 20 and it will output the next level password.
Let’s Start Hacking Then
Before I can do anything, the first thing I need to do is initiate a SSH connection to the system.
ssh email@example.com -p 2220
I’m then prompted for the password, I enter the one I got from the last level and I’m in. It’s now time to start playing. I start by checking what I have in the current directory with the
ls command. I’m then presented with a single binary
suconnect. Before I can use the binary effectively I need to know how it works. I run the following;
To which I am presented with the following output
This program will connect to the given port on localhost using TCP. If it receives the correct password from the other side, the next password is transmitted back.
At this point I was unsure what port I needed to use so I started with port
22. However, this just gave me an error and exited the binary. I then thought maybe the port would be found using the
netcat command however, the ports available were not correct either.
Now feeling defeated with this level I spent another 1-2 weeks thinking about where I was going wrong and just came up stumped each time. This was then when I thought I would ask for a hint from the OverTheWire community. I headed over the IRC and spoke with a really helpful person who pushed me towards the following information.
the main thing to be aware of here is the client/server distinction and which role the suconnect program takes
Taking this new information I finally realised what I needed to do, and that was to setup both the server and the client on same machine. There are a couple of ways to do this. I can use the screen command that I had to use in a previous level, or use
tmux. tmux was going to be my chosen option as this would allow me to split the terminal view in half. To load a tmux terminal I run the following.
I can now split the tmux session into two halves using
Ctrl+b ". The terminal is now split with a horizontal line across the middle. In bottom of the two windows I use the following command to listen on port
1234 with the
nc -l -p 1234 localhost
I then use
Ctrl+b (up arrow) to go to the top window while leaving the
nc server running below. Now in the top window I run the following command to initiate the
I now need to send the bandit level 20 password from the server to the client. Moving to the bottom window using
Ctrl+b (down arrow) I then paste in the password and press enter. In the top window I then see the follow
Password matches, sending next password
…and Wham! Bam! Thank you ma’am! I have the password now for level 21.
Level 20 Complete
I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.
Level 21 password
Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.