OverTheWire Bandit Guide

Previous Level Guide: Bandit Level 14 → 15

Access

SSH: ssh bandit15@bandit.labs.overthewire.org -p 2220

Password: LSAAg2asGSvcoXbFoYEPdlyxdwYqWNei

Info

Description: The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL/TLS encryption. Helpful note: Getting “DONE”, “RENEGOTIATING” or “KEYUPDATE”? Read the “CONNECTED COMMANDS” section in the manpage.
Commands: ssh, telnet, nc, ncat, socat, openssl, s_client, nmap, netstat, ss

Theory

To get the password, the instructions say that we have to enter to a localhost in port 30001 and just put the password for entering this level, the difference between the previous level and this one is that now we need to use SSL encryption, so that leads us to using openssl, which is used for debugging servers with other commands, but in this case the "other" command we'll use s_client so that it becomes client interface kinda like the one in netcat in the previous level. Finally add the -connect option to connect to this server at localhost with port 30001. After all that we get a command like this:

openssl s_client -connect localhost:30001

Solution

Now you just have to get into the level and do the command:

~$ openssl s_client -connect localhost:30001
LSAAg2asGSvcoXbFoYEPdlyxdwYqWNei
Correct!
knnW8msaRxaAN7adaEg07rkKnqrQ5Yky

And that's it, it worked! Now we should be good to go to the next level.