Given:
There is a setuid binary in the home directory that does the following: it makes a connection to localhost on the port you specify as a command-line argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).
NOTE: Try connecting to your own network daemon to see if it works as you think
Commands you may need to solve this level
ssh, nc, cat, bash, screen, tmux, Unix ‘job control’ (bg, fg, jobs, &, CTRL-Z, …)
- ssh into bandit20
bandit20@bandit:~$ ls -la
total 32
drwxr-xr-x 2 root root 4096 May 7 2020 .
drwxr-xr-x 41 root root 4096 May 7 2020 ..
-rw-r — r — 1 root root 220 May 15 2017 .bash_logout
-rw-r — r — 1 root root 3526 May 15 2017 .bashrc
-rw-r — r — 1 root root 675 May 15 2017 .profile
-rwsr-x — — 1 bandit21 bandit20 12088 May 7 2020 suconnectgE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
2. run suconnect to see how it works.
bandit20@bandit:~$ ./suconnect
Usage: ./suconnect <portnumber>3. In the first terminal run suconnet with a port number. Open another terminal and run netcat. pass the password of the current level bandit20.
If the password match the suconnect will send the password of the next level
bandit20@bandit:~$ nc -lvp 8888
listening on [any] 8888…
GbKksEFF4yrVs6il55v6gwY5aVje5f0j // level 20 password.
connect to [127.0.0.1] from localhost [127.0.0.1] 48948
gE269g2h3mw3pwgrj0H******1c9DGr // level 21 password. 
