bandit_20/README.md
OverTheWire setuid suid nc networking

There is a setuid binary in the home directory that does the following: it makes a connection to localhost on the port you specify as a command-line argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).

Bandit Level 20

  • There’s a setuid binary called suconnect in the home directory. It connects to a port on localhost, reads one line of input, and if it matches the current level’s password it returns the next one.

  • The trick here is that we need to be the one listening. We set up a nc listener in the background that serves the current password, then run the binary pointing at our listener port.

    • `echo "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -lp 1234 &` starts a listener in the background (`&`) that will send the password to whoever connects.
    • Then `./suconnect 1234` connects to our listener, reads the password, validates it, and sends back the next one.
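The exchange described above can be modeled locally to see why the side holding the password has to be the listener. This is an added example, not part of the original write-up and not the real binary: `suconnect_stand_in`, the placeholder passwords, and the silent disconnect on a mismatch are assumptions, and the setuid aspect is not modeled.

```python
import socket
import threading

# Constructed placeholder values, not real level passwords.
CURRENT_PW = "current-level-placeholder"
NEXT_PW = "next-level-placeholder"


def listener_side(server, offered, replies):
    """The role nc plays: send one line to whoever connects, then read the reply."""
    conn, _ = server.accept()
    with conn, conn.makefile("rw") as stream:
        stream.write(offered + "\n")
        stream.flush()
        replies.append(stream.readline().strip())


def suconnect_stand_in(port):
    """Hypothetical model of the binary: connect, read one line, compare, answer."""
    with socket.create_connection(("127.0.0.1", port)) as sock:
        with sock.makefile("rw") as stream:
            if stream.readline().strip() == CURRENT_PW:
                stream.write(NEXT_PW + "\n")
                stream.flush()
            # Assumption: on a mismatch the stand-in sends nothing and disconnects.


def run_exchange(offered):
    """Run one full exchange on an ephemeral localhost port; return what the listener got."""
    replies = []
    with socket.socket() as server:
        server.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        server.listen(1)
        port = server.getsockname()[1]
        worker = threading.Thread(target=listener_side, args=(server, offered, replies))
        worker.start()
        suconnect_stand_in(port)
        worker.join()
    return replies[0]


if __name__ == "__main__":
    print("correct line ->", repr(run_exchange(CURRENT_PW)))
    print("wrong line   ->", repr(run_exchange("not-the-password")))
```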

Password

GbKksEFF4yrVs6il55v6gwY5aVje5f0j