Level 15 → 16

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL/TLS encryption.

Helpful note: Getting “DONE”, “RENEGOTIATING” or “KEYUPDATE”? Read the “CONNECTED COMMANDS” section in the manpage.

Write-Up

  1. The password for the bandit15 level: 8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo

  2. Use OpenSSL to connect to localhost on port 30001 with SSL/TLS encryption:

openssl s_client -connect localhost:30001

  3. After the SSL handshake is completed, enter the bandit15 password:

8xCjnmgoKbGLhHFAZlGE5Tmu4M2tKJQo

The server responded with the password for the next level: kSkvUpMQ7lBYyCM4GBPvCvT1BfWRy0Dx

  4. Access the next level:

ssh [email protected] -p 2220

Enter the password when prompted.
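
The helpful note in the level goal refers to s_client's connected commands: in an interactive session (neither -quiet nor -ign_eof given), a line that starts with certain letters is run as a command instead of being sent to the server. The shell sketch below is an added example, not part of the original write-up; the function names and sample strings are constructed, and it assumes the server closes the connection after replying.

```shell
#!/bin/sh
# Added example; function names and sample strings are constructed.

# Which "connected command" would interactive s_client run for this line?
# Only the first character counts. Covers the three messages named in the
# level's helpful note; check the manpage of your OpenSSL version for others.
connected_command() {
    case "$1" in
        Q*)    echo "DONE" ;;           # ends the TLS connection
        R*)    echo "RENEGOTIATING" ;;  # renegotiation (TLS 1.2 and below)
        k*|K*) echo "KEYUPDATE" ;;      # key update (TLS 1.3)
        *)     echo "none" ;;           # sent to the server as data
    esac
}

# Read one secret line from stdin and submit it to host:port over TLS.
# usage: submit_secret localhost:30001 < secret_file   (hypothetical file name)
# Reading from stdin keeps the secret out of argv and shell history.
# -quiet implies -ign_eof, so connected commands are disabled and the line
# is always sent as data. Assumes the server closes the connection after
# replying; otherwise s_client keeps waiting.
submit_secret() {
    IFS= read -r secret || return 1
    hazard=$(connected_command "$secret")
    if [ "$hazard" != "none" ]; then
        echo "note: typed interactively, this line would print $hazard" >&2
    fi
    printf '%s\n' "$secret" | openssl s_client -connect "$1" -quiet
}

# Classification of constructed sample lines (not real passwords).
for sample in "8constructedSample" "QconstructedSample" "kconstructedSample"; do
    printf '%s -> %s\n' "$sample" "$(connected_command "$sample")"
done
```

Certificate verification messages from s_client still appear on stderr, so a self-signed or mismatched certificate remains visible.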

Lessons Learned

  • The openssl command-line tool is useful for establishing secure connections

  • SSL/TLS encryption can be used for local connections, not just over networks

  • Sending sensitive data (like passwords) over encrypted connections is more secure, even locally

-- Othmane
