bandit15 link
https://overthewire.org/wargames/bandit/bandit16.html
command to solve this level
이 레벨을 풀기 위해 알아야 하는 커맨드들은 아래와 같다.
1. ssh :
- ssh 접속 커맨드
- ssh [id]@[url] -p[port]
2. telnet :
- text-based communication protocol
- telnet [hostname][port]
3. nc(Netcat) :
- networking utility for reading from and writing to network connections using TCP or UDP
- port scanning, file transfers, and creating network connections
- nc -vz [hostname][port]
4. openssl :
- A robust open-source toolkit for implementing SSL/TLS protocols.
- connects to a remote SSL/TLS server
5. s_client :
- A specific OpenSSL tool that connects to a remote SSL/TLS server and prints information about the SSL connection
6. nmap :
- open-source network scanning tool for discovering hosts and services on a computer network
- security auditing, and finding open ports
- nmap -p 1-1000 hostname (to scan ports 1 through 1000)
문제 :
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
문제 풀이 :
opeenssl s_client [옵션][호스트:포트]
openssl s_client -connect localhost:30001
위의 커맨드를 입력하면 아래와 같은 SSL/TLS 커넥션이 이뤄진다.
1. SSL/TLS Handshake:
Can't use SSL_get_servername
depth=0 CN = localhost
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = localhost
verify error:num=10:certificate has expired
notAfter=Jan 25 20:43:52 2024 GMT
verify return:1
depth=0 CN = localhost
notAfter=Jan 25 20:43:52 2024 GMT
verify return:12. Certificate:
-----BEGIN CERTIFICATE-----
MIIDCzCCAfOgAwIBAgIEXPQtNDANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDDAls
b2NhbGhvc3QwHhcNMjQwMTI1MjA0MjUyWhcNMjQwMTI1MjA0MzUyWjAUMRIwEAYD
...
-----END CERTIFICATE-----인증서를 받는다.
3. SSL/TLS Session Information:
SSL handshake has read 1339 bytes and written 373 bytes
Verification error: certificate has expired몇 바이트를 읽고 썼는지 확인
이후 현재 단계 비밀번호를 입력 하면 다음 단계로 넘어갈 수 있다.
REFERENCE
[1] https://overthewire.org/wargames/bandit/bandit16.html
[2] https://www.cloudflare.com/ko-kr/learning/ssl/what-happens-in-a-tls-handshake/
[3] https://m.blog.naver.com/alice_k106/221468341565
방구석 언어기술자