Home - Writeups - Bandit Overthewire wargames walkthrough level 16 – 20

Bandit Overthewire wargames walkthrough level 16 – 20

Bandit overthewire wargames level 11 – 15

Bandit overthewire wargames level 21 – 25

Bandit is a game for beginners in Linux. As it is a great guide for learning the command line and Linux. So we will continue with the game here is the link for the next level.

Level 16→20

  • Host: bandit.labs.overthewire.org
  • port: 2220

bandit level 15 → 16

As we are instructed password for the next level will be retrieved by submitting the password of the current level to port 30001 on the localhost using SSL encryption. As a result, we will use the OpenSSL command-line tool in Linux. In addition, we will use the s_client parameter as we are connecting a client. We want to connect to the localhost at port 30001, therefore we use localhost:30001. After that, we will submit the password of bandit15 using echo command using a pipe operator.

bandit level 16, openssl, ssl
  • echo BfMYroe26WYalil77FoDi9qh59eK5xNr | openssl s_client -connect localhost:30001 -ign_eof
bandit level 16, password

As Linux shell takes this input it will give the password for the next level.

bandit level 16 → 17

As we know the password of bandit 17 is accessed by giving the password of bandit 16 to a port between 31000-32000. But we don’t know which port will take our input. Therefore to get more details about active ports and services running, we will use Nmap. In addition, we will use -sV flag to get details about services running on active ports. After that we use -p flag to give a range of ports to scan that is 31000 to 32000.

bandit level 17, nmap
  • nmap -sV localhost -p 31000-32000

Moreover, we find port 31790 using SSL service and all other ports are using echo command. Therefore we connect to 31790 port using OpenSSL command. After that, we will use s_client to connect as client and our hostname is localhost.

bandit level 17, openssl
  • echo cluFn7wTiGryunymYOu4RcffSxQluehd | openssl s_client -connect localhost:31790 -ign_eof

However, in the end we get private key instead of the password. In other words, we will use private key to log in to bandit 17. But first, we have to store the private key in a file to pass it as parameter. So we create a directory in /tmp/[folder_name] and save private key.

linux, prtivate key
  • mkdir /tmp/private_key
  • cd /tmp/private_key

We use nano. Its a command line text editor in Linux. After that we paste private key and save the file.

Linux, rsa
  • nano private_key

As we have create the private key, ssh will not allow a key with open permission to connect to next level. Therefore we will change permission so that only the owner can read and write it. For this, we will use chmod command to change permissions of the file.

bandit level 17, file permissions

bandit level 17 → 18

As we are instructed password to bandit 18 is in password.new and is only line that’s changed between password.old and password.new. So we will use the “diff” command as it helps in comparing the contents of the file. After that, it shows output of the difference between 2 files.

  • ls
  • diff passwords.old passwords.new

bandit level 18 → 19

As we try to connect to bandit level 18 we get Byebye message and connection is closed.

bandit level 19, byebye

However we will use -T flag to forcefully keep the terminal open

bandit level 19, -T flag, linux

After that we can see the files and print its output in Linux command-line.

bandit level 19, cat readme, password
  • ls
  • cat readme

bandit level 19 → 20

As we know to get the password for the next level we have to run bandit20-do as another user. Firstly we get more information about the file using ls -l command. As it will tell us about the file’s owner and group. After that, we can see the file owner is bandit 20. So we will run the file as bandit20 by using password of bandit 20 as a parameter. As we know file belongs to bandit 20 so it has permission to read contents of /etc/bandit_pass/bandit20. In end, we will get password for bandit 20.

bandit level 20, setuid, linux
  • ls -l
  • ./bandit20-do cat /etc/bandit_pass/bandit20

Some useful links to study Linux commands in detail.

Bandit overthewire wargames level 11 – 15

Bandit overthewire wargames level 21 – 25

0 0 votes
Article Rating
Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
1 year ago

[…] Bandit overthewire wargames level 16 – 20 […]

Would love your thoughts, please comment.x