[OverTheWire] Bandit Level 15 -> Level 16

King's meow · January 2, 2024


🤔 Problem

Level Goal
The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…


✅ Solution

openssl s_client -connect localhost:30001

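None of the ssh, nc, or telnet approaches from the previous levels worked here, so I looked it up; it seemed openssl and s_client were the tools to use, so I used them to solve it.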

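🤔 What is openssl?
An open-source library that implements most of the widely used symmetric/asymmetric cryptographic protocols; most notably, it provides functionality related to SSL/TLS.

🤔 What is s_client?
A command that implements a generic SSL/TLS client for connecting to a remote host that uses SSL/TLS.
With openssl, you can inspect the SSL certificate information of a running web server.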

✏️ Usage

$ openssl s_client [option]

🌲 s_client option

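  • -connect host:port : host and port to connect to
  • -ssl2, -ssl3, -tls1, -dtls1 : communicate using only the specified protocol
  • -msg : print protocol messages
  • -CAfile [fileName] : chain certificate the client can use when authenticating the server
  • -cert [fileName] : server certificate
  • -key [fileName] : private key to use; the default format is pem
  • -pass arg : passes the password for the private key
  • -showcerts : displays the entire server certificate chain
  • -state : prints the SSL session state
  • -debug : debug mode
  • -ciphers : prints all available cipher sets
  • -cipher cipherlist : specifies the cipher list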
bandit15@bandit:~$ openssl s_client -connect localhost:30001           
CONNECTED(00000003)                                           
Can't use SSL_get_servername                                 
depth=0 CN = localhost                                       
verify error:num=18:self-signed certificate                   
verify return:1                                               
depth=0 CN = localhost                                       
verify error:num=10:certificate has expired                   
notAfter=Dec 31 16:51:29 2023 GMT                             
verify return:1                                               
depth=0 CN = localhost                                       
notAfter=Dec 31 16:51:29 2023 GMT                             
verify return:1                                               
---                                                           
Certificate chain                                             
0 s:CN = localhost                                           
  i:CN = localhost                                             
  a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1           
  v:NotBefore: Dec 31 16:50:29 2023 GMT; NotAfter: Dec 31 16:51:29 2023 GMT                                            
---                                                           
Server certificate                                           
subject=CN = localhost                                       
issuer=CN = localhost                                         
---                                                           
No client certificate CA names sent                           
Peer signing digest: SHA256                                   
Peer signature type: RSA-PSS                                 
Server Temp Key: X25519, 253 bits                             
---                                                           
SSL handshake has read 1339 bytes and written 373 bytes       
Verification error: certificate has expired                   
---                                                           
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384               
Server public key is 2048 bit                                 
Secure Renegotiation IS NOT supported                         
Compression: NONE                                             
Expansion: NONE                                               
No ALPN negotiated                                           
Early data was not sent                                       
Verify return code: 10 (certificate has expired)             
---                                                           
---                                                           
Post-Handshake New Session Ticket arrived:                   
SSL-Session:                                                 
Protocol  : TLSv1.3                                           
Cipher    : TLS_AES_256_GCM_SHA384                           
Session-ID: C2FE30D8D174C2A406CEA924EF78BD76E9CA60299B4514B8612F26FEC3ADEE07
Session-ID-ctx:
Resumption PSK: 255575ABE22005E1D46C5A846EB06FB6890390BBCBE8D6A882C08265CAE2AC3423170346D30E7075BD3E409862B495BB
PSK identity: None 
PSK identity hint: None                                       
SRP username: None                                           
TLS session ticket lifetime hint: 7200 (seconds)             

TLS session ticket:                                           
Start Time: 1704185763                                       
Timeout   : 7200 (sec)                                       
Verify return code: 10 (certificate has expired)             
Extended master secret: no                                   
Max Early Data: 0                                             
---                                                           
read R BLOCK                                                 
---                                                           
Post-Handshake New Session Ticket arrived:                   
SSL-Session:                                                 
Protocol  : TLSv1.3                                           
Cipher    : TLS_AES_256_GCM_SHA384                           
Session-ID: A2D2A3113ED1A938EADA27DBFB5393B0E252F5062B1412585AFA4C96B4241062
Session-ID-ctx:
Resumption PSK: CDDEB793E8058D04C162646C17253885DABD161839BA71A5C1C84E9084BF970D6E53D4A0DF413F09C552E524617C6D4F
PSK identity: None 
PSK identity hint: None                                       
SRP username: None                                           
TLS session ticket lifetime hint: 7200 (seconds)             
TLS session ticket:                                           
Start Time: 1704185763                                       
Timeout   : 7200 (sec)                                       
Verify return code: 10 (certificate has expired)             
Extended master secret: no                                   
Max Early Data: 0                                             
---                                                           
read R BLOCK                                                 
jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt                             
Correct!       
JQttfApK4SeyHwDlI9SXGR50qclOAil1                                   

closed 

bandit16 : JQttfApK4SeyHwDlI9SXGR50qclOAil1
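
The transcript above shows s_client completing the handshake even though verification failed (errors 18 and 10). As an added example, not part of the original post, the script below reduces s_client output to the fields that matter for trust and gates on the verify code; the function names (sample_output, summarize_s_client, tls_verified) are hypothetical, and the sample input is constructed from lines of the transcript on this page.

```bash
#!/usr/bin/env bash
# Constructed sample: lines copied from the s_client transcript on this page.
sample_output() {
  cat <<'EOF'
depth=0 CN = localhost
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = localhost
verify error:num=10:certificate has expired
notAfter=Dec 31 16:51:29 2023 GMT
verify return:1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 10 (certificate has expired)
EOF
}

# Reads s_client output on stdin, prints one key=value line per fact.
summarize_s_client() {
  awk '
    { sub(/[ \t\r]+$/, "") }                      # drop trailing whitespace
    /^verify error:num=/ {
      split($0, f, /[=:]/)                        # f[3] = numeric error code
      errs = (errs == "" ? "" : errs ",") f[3]
    }
    /sigalg: /              { s = $0; sub(/.*sigalg: /, "", s); sigalg = s }
    /^New, .*Cipher is /    { proto = $2; sub(/,$/, "", proto); cipher = $5 }
    /^Verify return code: / { code = $4 }
    END {
      print "verify_errors=" errs
      print "cert_sigalg=" sigalg
      print "protocol=" proto
      print "cipher=" cipher
      print "verify_code=" code
    }'
}

# Succeeds only when the final verify code is 0 (chain validated).
tls_verified() {
  [ "$(summarize_s_client | sed -n 's/^verify_code=//p')" = "0" ]
}

# Stand-alone run: show the summary and the verdict for the sample.
sample_output | summarize_s_client
if sample_output | tls_verified; then echo "verdict=trusted"
else echo "verdict=UNVERIFIED (encrypted, but peer identity not proven)"; fi
```

Against a live endpoint, feed it the combined output of `openssl s_client -connect host:port </dev/null 2>&1`, since the verify error lines are written to stderr.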
