The Goal
The password for Level 15 can be retrieved by submitting the current level's password to port 30000 on localhost.
Finding the Current Password
Because Level 13 was solved by logging in with a private SSH key, the current password for bandit14 was
never seen. The previous level stated where it is kept: the password is stored in
/etc/bandit_pass/bandit14 and can only be read as user bandit14. Now that
we are logged in as bandit14, we can read it:
bandit14@bandit:~$ cd /etc/bandit_pass/
bandit14@bandit:/etc/bandit_pass$ cat bandit14
password
Submitting via nc
nc (netcat) opens a raw TCP connection. Connecting to port 30000 and typing
the wrong input shows the expected format:
bandit14@bandit:~$ nc -v localhost 30000
Connection to localhost (127.0.0.1) 30000 port [tcp/*] succeeded!
test
Wrong! Please enter the correct current password.
Submitting the actual password gives the next level's password:
bandit14@bandit:~$ nc -v localhost 30000
Connection to localhost (127.0.0.1) 30000 port [tcp/*] succeeded!
password
Correct!
password
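The same submission can be done without typing or displaying the current password, by redirecting the password file into nc and checking the reply. This is an added example, not part of the original walkthrough; the function names submit_password and parse_reply and the 5-second timeout are assumptions, while the host, port and file path are the ones used above.

```sh
#!/bin/sh
# Added example: non-interactive submission to the line-based service on
# port 30000. Function names are hypothetical; nothing runs until called.

# parse_reply: read the service's reply on stdin.
# If a line starting with "Correct!" is seen, print the first non-empty
# line after it (the next level's password) and return 0.
# For any other reply (for example "Wrong! ...") print nothing, return 1.
parse_reply() {
    awk '
        found && NF { print; got = 1; exit }
        /^Correct!/ { found = 1 }
        END         { exit (got ? 0 : 1) }
    '
}

# submit_password FILE [HOST] [PORT]
# Sends the contents of FILE to HOST:PORT and parses the answer.
# Returns 2 if FILE is unreadable, otherwise the status of parse_reply.
submit_password() {
    sp_file=$1
    sp_host=${2:-localhost}
    sp_port=${3:-30000}

    [ -r "$sp_file" ] || { echo "cannot read $sp_file" >&2; return 2; }

    # Redirecting the file keeps the secret off the command line, so it
    # does not land in shell history or show up in process listings.
    # -w 5 gives up if the connection stays idle for five seconds.
    nc -w 5 "$sp_host" "$sp_port" < "$sp_file" | parse_reply
}

# Usage on the bandit host:
#   submit_password /etc/bandit_pass/bandit14
```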
Commands Covered
nc -v host port, open a TCP connection to a host and port with verbose output
cat /etc/bandit_pass/banditN, read the stored password for a bandit user