{"id":1239,"date":"2019-09-10T21:45:37","date_gmt":"2019-09-10T13:45:37","guid":{"rendered":"http:\/\/van-yzt.com\/?p=1239"},"modified":"2019-09-10T21:45:37","modified_gmt":"2019-09-10T13:45:37","slug":"bandit-level-20-%e2%86%92-level-21","status":"publish","type":"post","link":"https:\/\/huzi-baozi.com\/?p=1239","title":{"rendered":"Bandit Level 20 \u2192 Level 21"},"content":{"rendered":"<p>There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).<\/p>\n<p>NOTE: Try connecting to your own network daemon to see if it works as you think<\/p>\n<h2>\n\u89e3\u5bc6<\/h2>\n<ol>\n<li>\n\u4f7f\u7528\u4e00\u4e2a<code>nc -l -p 1115 &lt; \/etc\/bandit_pass\/bandit20<\/code>\u547d\u4ee4\u4f5c\u4e3aserver\u76d1\u542c\u7aef\u53e3<code>1115<\/code>\uff0c\u5e76\u4e14\u8f93\u5165\u5f53\u524d\u5bc6\u7801\uff1b<\/li>\n<li>\n\u6253\u5f00\u53e6\u4e00\u4e2a\u7aef\u53e3\uff0c\u4f7f\u7528<code>.\/suconnect 12345<\/code>\uff1b<\/li>\n<li>\n\u7acb\u9a6c\u5f97\u5230<code>gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr<\/code>\uff1b<\/li>\n<\/ol>\n<h2>\n\u77e5\u8bc6\u70b9<\/h2>\n<ol>\n<li>\n<code>nc<\/code>\u4f5c\u4e3a\u670d\u52a1\u5668\u76d1\u542c\u7aef\u53e3<code>-l -p<\/code>\uff1b<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/huzi-baozi.com\/?p=1239\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Bandit Level 20 \u2192 Level 21&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1239","post","type-post","status-publish","format-standard","hentry","category-bandit"],"_links":{"self":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts\/1239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1239"}],"version-history":[{"count":1,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts\/1239\/revisions"}],"predecessor-version":[{"id":1240,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts\/1239\/revisions\/1240"}],"wp:attachment":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}