Bandit Level 20 → Level 21 풀이

Level Goal

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: Try connecting to your own network daemon to see if it works as you think

Commands you may need to solve this level

ssh, nc, cat, bash, screen, tmux, Unix ‘job control’ (bg, fg, jobs, &, CTRL-Z, …)

---

0. bandit20 접속

GbKksEFF4yrVs6il55v6gwY5aVje5f0j

 

 

1. 프로그램확인

bandit20@bandit:~$ ./suconnect
Usage: ./suconnect <portnumber>
This program will connect to the given port on localhost using TCP. If it receives the correct password from the other side, the next password is transmitted back.

포트넘버를 입력하면 해당 포트에해당하는 통신을 시작한다고한다. 올바른 암호를 받으면 다음단계의 암호를 던져준다.

 

2. suconnect가 접속하기위한 서버 

bandit20@bandit:~$ nc -l -p 3333 < /etc/bandit_pass/bandit20

3333포트를 열고 접속시 bandit20의 비밀번호를 suconnect에 전달하게된다.

 

3. suconnect 접속

bandit20@bandit:~$ ./suconnect 3333
Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Password matches, sending next password

3333포트에 접속시 bandit20의 비밀번호를받고 짜여진 로직대로 nc 서버에 다음 비밀번호를 보낸다.

 

4. bandit21 비밀번호

gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

nc 서버측에서 비밀번호를 받는다