Find the password to the next level
- The password for the next level can be retrieved by submitting the password of the current level to port 3000 on localhost.
From the intel on the previous lesson we know that bandit14’s password is stored at /etc/bandit_pass/bandit14 and can only be read by bandit14. We now have the password for level 14.
Next we need to work out how to submit the level 14 password to port 3000 on localhost.
If you’re unfamiliar with how simple networking operates, now may be a time to brush up. I particularly like Eli the Computer Guy’s Networking Series. It’s not extremely complex, and he moves at a good pace. If you’re more of a book learner and you’re going to try for your Cisco Certified Network Associate (CCNA), I recommend getting a study guide like the CCNA Routing and Switching Study Guide: Exams 100-101, 200-101, and 200-120. I don’t like most certifications I’ve seen, but I thought the material covered in the study guides was well worth the money spent.
Because of our clue, we know that localhost has some sort of service on port 3000 and we need to connect to it. Ports between 0-1023 are known as well-known ports and, for the most part, always have the same services running on them: port 22 is SSH, 21 is FTP, 80 is HTTP and so forth. Anything after 1023 is known as an ephemeral port and it could be anything. So we need to do some guesswork.
There are a few tools that we can use to connect to a random service or port, netcat being one and telnet another. Because we know there is a service running that is going to prompt us for a password, I decided to try telnet first. Lo and behold, it was correct!
Note: I could, and later did try netcat just to see what it would provide me, but it yielded no results other than there was something on port 3000.
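What telnet or netcat does when you connect and type the password, as an added example that is not part of the original post: the client opens a TCP connection, sends one line and reads the reply. The stand-in service, its `accepted`/`rejected` replies and both passwords are constructed for illustration so the script runs offline on a free loopback port.

```python
import socket
import socketserver
import threading

# Constructed sample values, not real Bandit passwords.
CURRENT_PASSWORD = "constructed-level14-password"
NEXT_PASSWORD = "constructed-level15-password"


class PasswordCheckHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in service: read one line, compare it, reply, close."""

    def handle(self):
        submitted = self.rfile.readline().decode("utf-8", "replace").strip()
        ok = submitted == CURRENT_PASSWORD
        reply = f"accepted\n{NEXT_PASSWORD}\n" if ok else "rejected\n"
        self.wfile.write(reply.encode())


def start_stand_in_service():
    """Serve on an OS-chosen free loopback port in a background thread."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), PasswordCheckHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def submit_line(host, port, line, timeout=5.0):
    """Connect, send one newline-terminated line, read until the peer closes."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(line.encode() + b"\n")
        # recv() returns b"" once the service closes the connection.
        return b"".join(iter(lambda: conn.recv(4096), b"")).decode("utf-8", "replace")


def demo():
    """Submit the right and a wrong password to the stand-in service."""
    server = start_stand_in_service()
    try:
        port = server.server_address[1]
        return (submit_line("127.0.0.1", port, CURRENT_PASSWORD),
                submit_line("127.0.0.1", port, "not-the-password"))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for reply in demo():
        print(reply, end="")
```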
This level covered a bit of networking and some ways to connect to remote services. If you haven’t already, look into netcat and what it can do. It’s an extremely handy tool and is often called the hacker’s “Swiss Army knife”.