Bandit Level 15 → Level 16

장일영 · May 10, 2024


Level

Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…


Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

Secure Socket Layer/Transport Layer Security on Wikipedia
OpenSSL Cookbook - Testing with OpenSSL

Exploit

bandit15@bandit:~$ nc -zv 127.0.0.1 30001
Connection to 127.0.0.1 30001 port [tcp/*] succeeded!

Port 30001 is open, but nc communicates in plaintext by default, so simply sending the current level's flag over it is rejected.
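Why the plaintext attempt is rejected, as an added example that is not part of the original post: a TLS listener expects the client's first bytes to be a TLS record carrying a ClientHello, and a password line sent by nc does not parse as one. The function name, labels and both sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 8446, section 5.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
CLIENT_HELLO = 1               # handshake message type of a ClientHello
MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext length in TLS 1.2 (RFC 5246)


def classify_first_bytes(data: bytes) -> str:
    """Say how a TLS listener would interpret a client's first bytes."""
    if len(data) < 6:
        return "incomplete"
    # Record header: content type (1), legacy version (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES:
        return "not-tls: content type 0x%02x" % ctype
    if major != 3 or minor > 4:
        return "not-tls: version %d.%d" % (major, minor)
    if not 0 < length <= MAX_RECORD_LEN:
        return "not-tls: record length %d" % length
    # Byte 5 is the first byte of the record body: the handshake message type.
    if ctype == 22 and data[5] == CLIENT_HELLO:
        return "tls-client-hello"
    return "tls-record: " + CONTENT_TYPES[ctype]


# Constructed samples: a placeholder password line as nc would send it, and the
# first bytes of a ClientHello (record header + handshake header + version).
PLAINTEXT = b"PLACEHOLDER_PASSWORD\n"
HELLO = bytes.fromhex("16030100c8" "010000c4" "0303")

if __name__ == "__main__":
    for name, sample in (("nc", PLAINTEXT), ("s_client", HELLO)):
        print(name, "->", classify_first_bytes(sample))
```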

s_client
           This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking
           SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally
           uses mostly all functionality of the OpenSSL ssl library.

bandit15@bandit:~$ openssl s_client -connect 127.0.0.1:30001

Heartbleed
