Bandit level 14

Bandit 14

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material


Okay so I know telnet doesn't have authentication. I know I'm probably using that so I check the man page.

Synopsis

telnet [-8EFKLacdfrx] [-X authtype] [-b hostalias] [-e escapechar] [-k realm] [-l user] [-n tracefile] [ 
                                                   host [port]]

Okay so the command will be "telnet localhost 30000", remember those instructions from the previous level on where that password was? Neither do , lets read it again!

"The password for the next level is stored in /etc/bandit_pass/bandit14 and can only be read by user bandit14"

GGEZ


bandit14@bandit:~$ cat /etc/bandit_pass/bandit14
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
bandit14@bandit:~$ telnet localhost 30000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
Correct!
BfMYroe26WYalil77FoDi9qh59eK5xNr

Connection closed by foreign host.
bandit14@bandit:~$

We slayed that







Glowfish Contrast

Comments

Post a Comment

Popular posts from this blog

Thoughts on ISSA talk on using AI to automate security

Recently I attended the ISSA presentation in MN, the description of it: The Power and Potential of Robotic Process Automation. And the Security Risks. Please join us on March 22 nd  as we explore the powerful and emerging Robotic Process Automation technology in regards to what IT security professionals need to know about RPA platforms . Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms? Very simply, it is a new attack vector and organizations need to start to understand their risk. Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple
Read more

Bandit 12

Bandit 12 bandit12@bandit:~$ ls data.txt bandit12@bandit:~$ mkdir data bandit12@bandit:~$ cp data.txt ./data bandit12@bandit:~$ cd data bandit12@bandit:~/data$ ls data.txt bandit12@bandit:~/data$ file data.txt data.txt: ASCII text 0000000: 1f8b 0808 4572 4259 0203 6461 7461 322e ....ErBY..data2. 0000010: 6269 6e00 0143 02bc fd42 5a68 3931 4159 bin..C...BZh91AY 0000020: 2653 59a3 fd61 8800 0019 ffff dffb 1ff5 &SY..a.......... 0000030: f7d7 dfdb fe4f ffb3 b5f7 ffdf b2d8 fefb .....O.......... 0000040: e7dd fffa fefd 7f7b d1fb fe3f b001 3b56 .......{...?..;V 0000050: a106 81a0 1a00 07a8 0068 01a1 a69a 0000 .........h...... 0000060: d1a0 d034 6868 34f5 0641 a000 000d 000f ...4hh4..A...... 0000070: 5064 00d0 321a 69e9 0323 1a27 a883 4003 Pd..2.i..#.'..@. 0000080: 41a0 01ea 0000 0003 4000 0068 7a4f 4800 A.......@..hzOH. 0000090: 0c8c 803d 41a0 64d1 a3d4 d1a3 6a68 01a0 ...=A.d.....jh.. 00000a0: 34da 8340 003d 4347 a83a 69a6 8699 0034 4..@.=CG.:i....4 00000b0: 3203 4610 3
Read more