OverTheWire Bandit Level 16->Level 17 - Walkthrough
Introduction
In this post, I will give you a walkthrough of the Bandit wargame Level 16->Level 17. To clear this level we will learn a new command, "nmap", which is used to scan ports and has various options for identifying the services running on them.
Goal
Get the password for the next level by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.
Login Details
Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit16
Password - JQttfApK4SeyHwDLI9SXGR50qclOAil1
Theory
Ports are virtual points where network connections start and end. Each port is associated with a specific process or service that allows computers to easily differentiate between different kinds of traffic. Port Scanning refers to the process that sends client requests to a range of server port addresses on a host to find open ports.
nmap is a network mapper which is mostly used for network scanning and discovery. It can discover which hosts are online or offline and which services they offer on the ports they have open. It sends raw packets to the system's ports and then listens for their responses to determine whether the ports are open, closed or filtered.
Two nmap options are used to clear this level. The "-p" option scans a specific port or a range of ports. The "-sV" option determines the service/version information.
This level also utilizes openssl which we used in the previous level.
Solution
SSH in as the user bandit16 using the command "ssh bandit16@bandit.labs.overthewire.org -p 2220" and the above password. Type the command "nmap -sV localhost -p 31000-32000" to get the open ports and the services running on them.
This gives us two ports that use SSL: port 31518 runs the echo service, whereas port 31790 runs an unknown service, which makes it the more promising port.
Now, use openssl to connect to this port and send the password. Type the command "openssl s_client -connect localhost:31790"
Submit the current level's password at the end of the connection output. Copy the private key that is displayed and paste it into a file in the /tmp directory. Use this private key file to log in to the next level, as we did in the level 14 walkthrough.
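The checks from the goal (which ports are listening, which of those speak SSL, and which only echo) can also be scripted. The following Python code is an added example, not part of the original walkthrough; the function names classify and scan and the probe string are assumptions made for illustration.

```python
import socket
import ssl

# Constructed marker; the real password is never sent while probing.
PROBE = b"probe-not-a-password\n"


def classify(host, port, timeout=2.0):
    """Return 'closed', 'plain', 'ssl-echo' or 'ssl-other' for one TCP port."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, unreachable or timed out
    # Assumption: the lab servers present self-signed certificates, so
    # verification is disabled. Acceptable on a localhost lab only.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except (ssl.SSLError, OSError):
        raw.close()
        return "plain"  # listening, but the TLS handshake failed
    with tls:
        try:
            tls.sendall(PROBE)
            reply = tls.recv(4096)
        except (ssl.SSLError, OSError):
            reply = b""
    # An echo server returns exactly what it was sent.
    return "ssl-echo" if reply == PROBE else "ssl-other"


def scan(host, ports, timeout=2.0):
    """Classify every port and return only the ones that are listening."""
    results = {}
    for port in ports:
        state = classify(host, port, timeout)
        if state != "closed":
            results[port] = state
    return results


if __name__ == "__main__":
    # Same range as the nmap command in the walkthrough.
    for port, state in scan("localhost", range(31000, 32001)).items():
        print(port, state)
```

A port reported as "ssl-other" is the candidate to connect to with openssl s_client.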
This completes this Level. I would encourage you to learn more about the nmap command as it is a very useful tool in cybersecurity. Please post your doubts and suggestions in the comment section.





