OverTheWire - Bandit: Level 21 to Level 22
There is a setuid binary in the home directory that does the following: it makes a connection to localhost on the port you specify as a command-line argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).
NOTE: Try connecting to your own network daemon to see if it works as you think.
In the home directory there is an executable named suconnect. As described, it connects to a given local port. Since we already know the password for bandit20, we can open two SSH sessions and provide the password ourselves. We run the following in SSH session #1:
    $ nc -l 9999
And in session #2:
    $ ./suconnect 9999
suconnect now connects to our listening nc server, and we can send the password by typing it into session #1. In total, session #1 looks like this:
    $ nc -l 9999
    VxCazJaVykI6W36BkBU0mJTCM8rR95XT
    NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
Session #2 looks in total like this:
    $ ./suconnect 9999
    Read: VxCazJaVykI6W36BkBU0mJTCM8rR95XT
    Password matches, sending next password
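
The exchange above can be modelled locally to see both sides of the connection, including what the listener observes when the line does not match. This is an added example, not part of the original write-up and not the code of suconnect: `suconnect_stand_in` is a hypothetical stand-in built only from the level description, and the secrets are constructed placeholders.

```python
import socket
import threading


def listen_once(line_to_send):
    """Play the role of `nc -l`: accept one local connection, send one line,
    and record whatever line the peer sends back ('' if it just hangs up)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0: the OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rw") as f:
            f.write(line_to_send + "\n")
            f.flush()
            result["reply"] = f.readline().strip()
        srv.close()

    thread = threading.Thread(target=serve)
    thread.start()
    return port, thread, result


def suconnect_stand_in(port, expected, next_secret):
    """Hypothetical model of the binary as the level text describes it:
    connect to localhost:port, read one line, compare, reply only on a match."""
    with socket.create_connection(("127.0.0.1", port)) as conn, \
            conn.makefile("rw") as f:
        if f.readline().strip() != expected:
            return False                  # nothing sent; listener reads EOF
        f.write(next_secret + "\n")
        f.flush()
        return True


def run_exchange(typed, expected="CURRENT-LEVEL-PLACEHOLDER",
                 next_secret="NEXT-LEVEL-PLACEHOLDER"):
    """Run one listener/client round trip; return (matched, listener_reply)."""
    port, thread, result = listen_once(typed)
    matched = suconnect_stand_in(port, expected, next_secret)
    thread.join()
    return matched, result["reply"]


if __name__ == "__main__":
    print(run_exchange("CURRENT-LEVEL-PLACEHOLDER"))   # matching line
    print(run_exchange("wrong guess"))                 # mismatching line
```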