Bandit21

Website URL: http://overthewire.org/wargames/bandit/bandit21.html

 

Let’s log into the game server as bandit20.

The task:

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

Let’s find the binary and execute it

ls
./suconnect

So, we need to send the current password to a particular port to get the next password. Note the wording. The password needs to be sent from “the other side”. This means, we will have to manually setup a connection between two terminals. So, lets do that.

We can choose any port number. I’m choosing 1234. Let’s open a listener in a terminal window.

#Terminal 1:
nc -l localhost -p 1234

Meanwhile, let’s execute on another terminal, the executable provided to us.

#Terminal 2
./suconnect 1234

Now, let’s go back to Terminal 1 (the nc listener one) and enter the password for the current level there i.e. GbKksEFF4yrVs6il55v6gwY5aVje5f0j

Mission accomplished!