Bandit - Going to Level 21

2 November 2017


There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21). NOTE: To beat this level, you need to login twice: once to run the setuid command, and once to start a network daemon to which the setuid will connect. NOTE 2: Try connecting to your own network daemon to see if it works as you think

Getting the information

Open a first terminal, connect to level 20 and open a netcat server that will listen on a port of your choosing:

nc -l -p 30100

Open a second terminal, connect to level 20 and start the suconnect binary

./suconnect 30100

Go back to the first terminal (the netcat server) and write the password for the level 20 in it. Once you press enter, the password for the level 21 will appear: