Level Goal

There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

NOTE: Try connecting to your own network daemon to see if it works as you think

Commands you may need to solve this level

  • ssh
  • nc
  • cat
  • bash
  • screen
  • tmux
  • Unix ‘job control’ (bg, fg, jobs, &, CTRL-Z, …)

My Answer (Step by step)

  1. 連線到伺服器並登入
ssh bandit20@bandit.labs.overthewire.org -p 2220
  1. 透過 ls 指令可以發現目錄中有一個檔案 suconnect,可以直接使用該檔案查看如何使用它
ls
./suconnect
# Usage: ./suconnect <portnumber>
# This program will connect to the given port on localhost using TCP. 
# If it receives the correct password from the other side, the next password is transmitted back.

根據程式結果說明,該檔案會連線到指定 port 上架設的 TCP 服務,並且如果從該服務收到當前密碼,即可獲得下一等級密碼

  1. 由於我們需要兩個 terminal 來分別架設服務與使用 suconnect 檔案,故透過 screen 指令來完成需求
screen
  1. 透過 nc 指令在 9487 port 建立 TCP 服務,並按下 Ctrl + A 後,再按下 D 鍵(detach)將 screen 卸離
nc -l localhost 9487
# Ctrl + A + D
  1. 透過 screen 指令進入新的 shell,並透過 suconnect 檔案連線到剛剛建立的服務,並按下快捷鍵將 screen 卸離
screen
./suconnect 9487
# Ctrl + A + D
  1. 透過 screen 指令將剛剛卸離的 screen 呈現出來,並重新進入第一個 screen,輸入當前密碼即可獲得 Level 21 密碼!
screen -ls
# There are screens on:
#         3377628.pts-139.bandit  (01/24/2025 02:14:50 AM)        (Detached)
#         3332936.pts-139.bandit  (01/24/2025 02:11:12 AM)        (Detached)
# 2 Sockets in /run/screen/S-bandit20.
screen -r 3332936