i'm currently doing the bandit wargames from overthewire.org (for those of you who don't know, it's a website with different tasks that you do in order to improve your hacking skills). i did them before but i got stuck pretty early and i blasted through them using spoilers. the good part about that is that it leaves a lot of room for, let's call it, 'replayability'. xD right now i'm at bandit20 and i need to use an executable file:
/home/bandit20/suconnect
usage: ./suconnect <port number>
that "will connect to the given port on localhost using TCP. If it receives the correct password from the other side, the next password is transmitted back."
my initial reaction was to pull out nmap and look for open ports. i did find some that are open, and some of them are running echo and some openssl. in total there were 5 ports that were open regardless of the service running, and using ps -alx i also found a netcat running in the background listening on a 6th port.
now, the task description says:
[the file] makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21). NOTE: Try connecting to your own network daemon to see if it works as you think
i tried all 6 of the ports that i found, using the expected syntax, but none of them returned anything. i did find, on a blog with spoilers, an older description from the website that said:
To beat this level, you need to login twice: once to run the setuid command, and once to start a network daemon to which the setuid will connect
i tried sshing in twice, listening on all of those ports in one window and using the binary in the second window, but it never did anything. the problem is that after i run the binary it gives me a blank command line, but regardless of what i type it doesn't give any output. i used strings on the file and i can see it does have messages for unable to connect, incorrect password, right password and so on, but i'm not getting any of them.
in this situation i would rather understand the underlying concept than be handed the solution. i'm not sure what connecting to your own network daemon means (i tried googling and looking up on youtube but i don't really understand what a network daemon is or what it means to connect to it). also, having to run 2 terminals seemed like a big deal since they took it out, but i can't seem to figure out how you are supposed to do it or what you are supposed to do with it in this scenario. also, to listen on a port on localhost i used netcat; not sure if anything else would've been better or if you're supposed to use anything else.
any feedback is much appreciated, thanks :)
Just wanted to say I managed to find the answer. It turns out that the localhost is the local daemon, and connecting to it means doing 2 netcats: one that listens on a port, and one that connects to it.
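Since the question was what a "network daemon" is and what connecting to one means, here is an added example (not from the post and not OverTheWire's code) that plays both roles in a single Python process: a listener that accepts one TCP connection on localhost, sends a line and waits for the reply, and a client that behaves the way the post describes suconnect. The password strings and the client's reply messages are constructed placeholders for illustration; the real binary is not involved.

```python
import socket
import threading

HOST = "127.0.0.1"
# Constructed placeholders for this example, not real Bandit passwords.
CURRENT_PASSWORD = "current-level-password-placeholder"
NEXT_PASSWORD = "next-level-password-placeholder"

def start_daemon(line_to_send):
    """Daemon side (the role `nc -l` plays on the box): listen on a localhost
    port, accept one connection, send one line, then read the reply line."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))  # port 0: the OS picks a free port
    srv.listen(1)
    srv.settimeout(5)
    port = srv.getsockname()[1]
    result = {}

    def serve():
        with srv:
            conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            conn.sendall(line_to_send.encode() + b"\n")
            result["reply"] = conn.makefile("r").readline().strip()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread, result

def suconnect_like(port):
    """Client side, mimicking what the post says the binary does: connect to
    localhost:<port>, read one line, compare it, send the next password on a match."""
    with socket.create_connection((HOST, port), timeout=5) as conn:
        received = conn.makefile("r").readline().strip()
        if received == CURRENT_PASSWORD:
            conn.sendall(NEXT_PASSWORD.encode() + b"\n")
            return "correct"
        conn.sendall(b"wrong password\n")
        return "wrong"

def exchange(line_to_send):
    """Run both ends in one process; the thread stands in for the second login."""
    port, thread, result = start_daemon(line_to_send)
    verdict = suconnect_like(port)
    thread.join(timeout=5)
    return verdict, result.get("reply")

if __name__ == "__main__":
    print(exchange(CURRENT_PASSWORD))  # ('correct', 'next-level-password-placeholder')
```

On the real box the listener and the client are two separate processes (two logins, or a backgrounded netcat), which is why the output only appears on the listening side.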