Over the Wire’s Bandit Challenge – Level 15
Level Instructions:
“The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…”
bandit15@bandit:~$ openssl s_client -connect localhost:30001 -quiet
depth=0 CN = bandit
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = bandit
verify return:1
BfMYroe26WYalil77FoDi9qh59eK5xNr
Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd
We use the ‘openssl’ command to establish a secure connection to port 30001. The directions hint at output errors you may receive and point to appending ‘-ign_eof’ to your command, which prevents the connection from being terminated once end of file is reached in the input. Above I used the ‘-quiet’ switch instead, because it not only implicitly turns on ‘-ign_eof’ but also inhibits the printing of session and certificate information, cleaning up the output a bit for this particular task.
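The session above shows s_client carrying on after "verify error:num=18". The following is an added example, not part of the original post: it runs the same ‘-quiet’ submission non-interactively and then pins the self-signed certificate so that a verification failure aborts the handshake. PORT, WORK, the function names and the local server (a stand-in that answers a GET instead of checking a password) are assumptions.

```shell
#!/bin/sh
# Added example. PORT, WORK and the function names are assumptions, and the
# server is a local stand-in for the Bandit service, not the real one.
PORT=${PORT:-30443}

# Create a throwaway self-signed certificate (CN=bandit, as in the session)
# and start a TLS server; with -www it answers a GET with a status page and
# then closes the connection.
start_demo_server() {
    WORK=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bandit" \
        -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null || return 1
    openssl s_server -accept "$PORT" -www \
        -cert "$WORK/cert.pem" -key "$WORK/key.pem" >/dev/null 2>&1 &
    SERVER_PID=$!
    sleep 1   # give the listener time to bind
}

stop_demo_server() {
    kill "$SERVER_PID" 2>/dev/null
    rm -rf "$WORK"
}

# Send one request on stdin and print the reply. -quiet implies -ign_eof, so
# s_client keeps reading after stdin reaches EOF until the server closes.
# Extra arguments are passed through to s_client.
tls_request() {
    printf 'GET / HTTP/1.0\r\n\r\n' |
        openssl s_client -connect "localhost:$PORT" -quiet "$@" 2>/dev/null
}

# Save the certificate the server presents so later connections can pin it.
# Compare its fingerprint out of band before trusting the file.
fetch_server_cert() {
    openssl s_client -connect "localhost:$PORT" </dev/null 2>/dev/null |
        openssl x509 -out "$1"
}

# Typical run:
#   start_demo_server
#   tls_request                         # reply arrives despite verify error 18
#   tls_request -verify_return_error    # handshake aborts, no reply
#   fetch_server_cert pinned.pem
#   tls_request -verify_return_error -CAfile pinned.pem   # verified reply
#   stop_demo_server
```

Against the real level, the same pattern applies with the port from the instructions and the current password piped in place of the GET line.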
Hi there! Such a good article, thanks!