티스토리 뷰

Wargame/Bandit

Bandit Level 16 → Level 17

장일영 2024. 5. 16. 13:19

 

Goal

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

다음 레벨의 credentials는 현재 레벨의 패스워드를 localhost의 31000 - 32000번 사이의 포트에 제출하면 얻을 수 있다. 첫 번째로 해야 하는 것은 어떤 포트가 열려 있는지 찾는 것이다. 그 다음 SSL 통신을 하는 포트와 그렇지 않은 포트를 찾아라. 1개의 서버에서만 다음 레벨의 credentials를 얻을 수 있고, 나머지 서버는 네가 보낸 값을 단순히 돌려줄 뿐이다.

 

Commands you may need to solve this level

`ssh`, `telnet`, `nc`, `openssl`, `s_client`, `nmap`

 

Write Up

bandit16@bandit:~$ nc -zv 127.0.0.1 31000-32000 2>&1 | grep succeeded
Connection to 127.0.0.1 31046 port [tcp/*] succeeded!
Connection to 127.0.0.1 31518 port [tcp/*] succeeded!
Connection to 127.0.0.1 31691 port [tcp/*] succeeded!
Connection to 127.0.0.1 31790 port [tcp/*] succeeded!
Connection to 127.0.0.1 31960 port [tcp/*] succeeded!

 

열려 있는 포트는 총 5개 이고, 이 중 SSL 통신을 하면서 credentials를 반환하는 포트를 찾았다.

bandit16@bandit:~$ openssl s_client -connect 127.0.0.1:31790

 

현재 레벨의 플래그를 입력하고 RSA Key 값을 얻었다.

bandit16@bandit:~$ cd $(mktemp -d) && vi credential

 

이 값을 `/tmp` 디렉토리 하위에 credential 파일을 만들고 붙여넣기 해서 저장했다.

bandit16@bandit:/tmp/tmp.ifS7iJ5IER$ chmod 700 ./credential
bandit16@bandit:/tmp/tmp.ifS7iJ5IER$ ssh -i ./credential bandit17@localhost -p 2220

 

RSA Key 파일의 접근 권한을 변경하고 이를 통해 bandit17 서버에 접속했다. 이전 레벨과 마찬가지로 `/etc/bandit_pass` 디렉토리에서 bandit17의 패스워드를 얻었다.

'Wargame > Bandit' 카테고리의 다른 글

Bandit Level 18 → Level 19  (0) 2024.05.16
Bandit Level 17 → Level 18  (0) 2024.05.16
Bandit Level 15 → Level 16  (0) 2024.05.16
Bandit Level 14 → Level 15  (0) 2024.05.16
Bandit Level 13 → Level 14  (0) 2024.05.16
공지사항
최근에 올라온 글
최근에 달린 댓글
Total
Today
Yesterday
링크
«   2026/06   »
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
글 보관함