---
title: "OverTheWire: Bandit Walkthrough Notes | Level 16 → Level 17"
tags:
  - OverTheWire
  - Bandit
  - Linux
  - Information Security
---

# OverTheWire: Bandit Walkthrough Notes | Level 16 → Level 17

## Login

```shell
$ ssh -p 2220 bandit16@bandit.labs.overthewire.org
```

Password: `JQttfApK4SeyHwDlI9SXGR50qclOAil1`

## Challenge

**Level Goal**

The credentials for the next level can be retrieved by submitting the password of the current level to one of the ports on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those servers speak SSL and which do not. Only one server will give the next level's credentials; the others will simply send back whatever you send to them.

**Commands you may need**

ssh, telnet, nc, openssl, s_client, nmap

**Helpful reading material**

[Port scanner on Wikipedia](https://en.wikipedia.org/wiki/Port_scanner)

## Approach

## Detailed Solution

Scan ports 31000-32000 with nmap, using the `-sV` option to get service information for each port.

```shell
bandit16@bandit:~$ nmap -sV localhost -p 31000-32000
Starting Nmap 7.80 ( https://nmap.org ) at 2024-05-30 02:32 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00016s latency).
Not shown: 996 closed ports
PORT      STATE SERVICE     VERSION
31046/tcp open  echo
31518/tcp open  ssl/echo
31691/tcp open  echo
31790/tcp open  ssl/unknown
31960/tcp open  echo

Nmap done: 1 IP address (1 host up) scanned in 98.97 seconds
```

Try the ports that speak SSL one by one.

```shell
bandit16@bandit:~$ openssl s_client localhost:31518
CONNECTED(00000003)
...
read R BLOCK
JQttfApK4SeyHwDlI9SXGR50qclOAil1
JQttfApK4SeyHwDlI9SXGR50qclOAil1
Q
DONE
bandit16@bandit:~$ openssl s_client localhost:31790
CONNECTED(00000003)
...
read R BLOCK
JQttfApK4SeyHwDlI9SXGR50qclOAil1
Correct!
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOkuifmMg6HL2YPIOjon6iWfbp7c3jx34YkYWqUH57SUdyJ
imZzeyGC0gtZPGujUSxiJSWI/oTqexh+cAMTSMlOJf7+BrJObArnxd9Y7YT2bRPQ
Ja6Lzb558YW3FZl87ORiO+rW4LCDCNd2lUvLE/GL2GWyuKN0K5iCd5TbtJzEkQTu
DSt2mcNn4rhAL+JFr56o4T6z8WWAW18BR6yGrMq7Q/kALHYW3OekePQAzL0VUYbW
JGTi65CxbCnzc/w4+mqQyvmzpWtMAzJTzAzQxNbkR2MBGySxDLrjg0LWN6sK7wNX
x0YVztz/zbIkPjfkU1jHS+9EbVNj+D1XFOJuaQIDAQABAoIBABagpxpM1aoLWfvD
KHcj10nqcoBc4oE11aFYQwik7xfW+24pRNuDE6SFthOar69jp5RlLwD1NhPx3iBl
J9nOM8OJ0VToum43UOS8YxF8WwhXriYGnc1sskbwpXOUDc9uX4+UESzH22P29ovd
d8WErY0gPxun8pbJLmxkAtWNhpMvfe0050vk9TL5wqbu9AlbssgTcCXkMQnPw9nC
YNN6DDP2lbcBrvgT9YCNL6C+ZKufD52yOQ9qOkwFTEQpjtF4uNtJom+asvlpmS8A
vLY9r60wYSvmZhNqBUrj7lyCtXMIu1kkd4w7F77k+DjHoAXyxcUp1DGL51sOmama
+TOWWgECgYEA8JtPxP0GRJ+IQkX262jM3dEIkza8ky5moIwUqYdsx0NxHgRRhORT
8c8hAuRBb2G82so8vUHk/fur85OEfc9TncnCY2crpoqsghifKLxrLgtT+qDpfZnx
SatLdt8GfQ85yA7hnWWJ2MxF3NaeSDm75Lsm+tBbAiyc9P2jGRNtMSkCgYEAypHd
HCctNi/FwjulhttFx/rHYKhLidZDFYeiE/v45bN4yFm8x7R/b0iE7KaszX+Exdvt
SghaTdcG0Knyw1bpJVyusavPzpaJMjdJ6tcFhVAbAjm7enCIvGCSx+X3l5SiWg0A
R57hJglezIiVjv3aGwHwvlZvtszK6zV6oXFAu0ECgYAbjo46T4hyP5tJi93V5HDi
Ttiek7xRVxUl+iU7rWkGAXFpMLFteQEsRr7PJ/lemmEY5eTDAFMLy9FL2m9oQWCg
R8VdwSk8r9FGLS+9aKcV5PI/WEKlwgXinB3OhYimtiG2Cg5JCqIZFHxD6MjEGOiu
L8ktHMPvodBwNsSBULpG0QKBgBAplTfC1HOnWiMGOU3KPwYWt0O6CdTkmJOmL8Ni
blh9elyZ9FsGxsgtRBXRsqXuz7wtsQAgLHxbdLq/ZJQ7YfzOKU4ZxEnabvXnvWkU
YOdjHdSOoKvDQNWu6ucyLRAWFuISeXw9a/9p7ftpxm0TSgyvmfLF2MIAEwyzRqaM
77pBAoGAMmjmIJdjp+Ez8duyn3ieo36yrttF5NSsJLAbxFpdlc1gvtGCWW+9Cq0b
dxviW8+TFVEBl1O4f7HVm6EpTscdDxU+bCXWkfjuRb7Dy9GOtt9JPsX8MBTakzh3
vBgsyi/sN3RqRBcGU40fOoZyfAMT8s1m/uYv52O6IgeuZ/ujbjY=
-----END RSA PRIVATE KEY-----

closed
```

[OverTheWire: Bandit Walkthrough Notes | Level 17 → Level 18](/JZahe8E9RaGFqGsnNodgHg)
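
Added example (not part of the original notes): the SERVICE column of the `nmap -sV` output above already separates TLS ports from plain ones, so the ports worth opening with `openssl s_client` can be picked out mechanically. The function names `classify_ports` and `tls_candidates` are made up for this sketch, and the embedded table is the port list copied from the scan above.

```shell
#!/bin/sh
# Port table copied from the `nmap -sV` run shown in the notes above.
SCAN='PORT      STATE SERVICE     VERSION
31046/tcp open  echo
31518/tcp open  ssl/echo
31691/tcp open  echo
31790/tcp open  ssl/unknown
31960/tcp open  echo'

# classify_ports (hypothetical helper): read `nmap -sV` text on stdin and
# print "<port> <tls|plain> <echo|other>" for every open TCP port.
classify_ports() {
    awk '
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            svc = $3
            transport = "plain"
            # nmap prefixes the service name with "ssl/" when the port
            # answered a TLS handshake during version detection.
            if (svc ~ /^ssl\//) { transport = "tls"; sub(/^ssl\//, "", svc) }
            kind = (svc == "echo") ? "echo" : "other"
            print p[1], transport, kind
        }'
}

# tls_candidates (hypothetical helper): ports that speak TLS and were not
# fingerprinted as a plain echo service, i.e. the ones to try first.
tls_candidates() {
    classify_ports | awk '$2 == "tls" && $3 == "other" { print $1 }'
}

printf '%s\n' "$SCAN" | classify_ports
printf 'try first: %s\n' "$(printf '%s\n' "$SCAN" | tls_candidates)"
```

On a live host, pipe `nmap -sV localhost -p 31000-32000` into `tls_candidates` instead of the embedded table.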