Bandit Level 16 → Level 17

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Solution

bandit15@bandit:~$ nmap -p31000-32000 localhost

Starting Nmap 7.40 ( https://nmap.org ) at 2019-09-07 16:57 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
Not shown: 999 closed ports
PORT      STATE SERVICE
31518/tcp open  unknown
31790/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

bandit15@bandit:~$ openssl s_client -host localhost -port 31790

....

---
BfMYroe26WYalil77FoDi9qh59eK5xNr
Wrong! Please enter the correct current password
closed

Key points

  1. nmap is a powerful network scanning tool; here the -p option specifies the range of ports to scan.
  2. openssl s_client is used to establish a TLS connection.
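
The level description asks which of the listening ports speak SSL; the session above goes straight to one port with openssl s_client. The following is an added example, not part of the original write-up: it attempts a TLS handshake against every port in the range and reports each listener as tls or plain. The function names probe and classify are hypothetical.

```python
import socket
import ssl


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'closed', 'tls' or 'plain'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or timed out
    # Verification is off on purpose: the question is only whether the
    # peer completes a TLS handshake, not whether its certificate is valid.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls"
    except (ssl.SSLError, OSError):
        # Handshake rejected, garbage reply (e.g. an echo service sending
        # our ClientHello back) or no reply at all: treat as non-TLS.
        return "plain"
    finally:
        sock.close()


def classify(host, ports, timeout=2.0):
    """Return {port: 'tls' | 'plain'} for every port that accepts a connection."""
    results = {}
    for port in ports:
        state = probe(host, port, timeout)
        if state != "closed":
            results[port] = state
    return results


if __name__ == "__main__":
    # Port range taken from the level description above.
    for port, state in classify("localhost", range(31000, 32001)).items():
        print(port, state)
```

A port reported as tls is one that openssl s_client can connect to; a port reported as plain would need a plain TCP client instead.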