Over The Wire – Bandit 16

Level Goal

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

For this we are going to need to scan the network and see which ports are open.
We can use nmap to scan the port range 31000 to 32000.
After this scan it looks like we have 5 ports open. Now we can take another look with nmap, or we can just test them.
I tried using the ssl-enum-ciphers script, but did not have any luck, so I will just manually test the ports.
 [Openssl stuff]
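The open-port and SSL check described above can also be scripted. This is an added example, not part of the original write-up: it connects to each port and attempts a TLS handshake, and the names `classify_port` and `scan` are assumptions of this sketch. Certificate verification is switched off because only the handshake result matters here.

```python
import socket
import ssl


def classify_port(host, port, timeout=2.0):
    """Return 'closed', 'plain' or 'tls' for one TCP port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, unreachable or timed out
    # Assumption: the lab servers present self-signed certificates. This probe
    # only asks whether a handshake completes; it does not authenticate anyone.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):
        # An echo server sends our ClientHello straight back (or stays
        # silent until the timeout), so the handshake fails: plaintext port.
        return "plain"
    finally:
        sock.close()


def scan(host, ports, timeout=2.0):
    """Map each open port to 'plain' or 'tls'; closed ports are omitted."""
    results = {}
    for port in ports:
        kind = classify_port(host, port, timeout)
        if kind != "closed":
            results[port] = kind
    return results


if __name__ == "__main__":
    # Port range taken from the level goal.
    for port, kind in scan("localhost", range(31000, 32001)).items():
        print(port, kind)
```

Ports reported as `tls` are the ones worth testing by hand with openssl.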
Now it looks like we have an SSH key again.
Let’s save this and use it to try to connect to bandit17.
When we first try to connect, we get an error because our key file is open to everyone, which is easy enough to fix by restricting the file's permissions.
Now if we look at /etc/bandit_pass/bandit17, we can find level 17’s flag.
