The Goal
The password for Level 16 can be retrieved by submitting the current level's password to port 30001 on localhost using SSL/TLS encryption.
The Approach
Plain nc does not support SSL. The ncat tool (from nmap) does, via the --ssl flag. It is available on the bandit server:
bandit15@bandit:~$ ncat -v --ssl localhost 30001
Ncat: Version 7.94SVN ( https://nmap.org/ncat )
Ncat: Subject: CN=SnakeOil
Ncat: Issuer: CN=SnakeOil
Ncat: SHA-1 fingerprint: 323A F3B1 4FC7 1B0F F71A 1931 8FF3 62A1 49AC 735A
Ncat: Certificate verification failed (self-signed certificate).
Ncat: SSL connection to 127.0.0.1:30001.
Ncat: SHA-1 fingerprint: 323A F3B1 4FC7 1B0F F71A 1931 8FF3 62A1 49AC 735A
password
Correct!
password
The "Certificate verification failed (self-signed certificate)" warning is expected in this environment and does not prevent the connection: ncat reports the failure but only aborts on it when --ssl-verify is given.
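With a self-signed certificate the session is encrypted but the server is not authenticated. The following is an added example, not part of the original walkthrough: it pins the SHA-1 fingerprint ncat printed above and opens the ncat session only when the server presents the same certificate. The function names are assumptions made for this example.

```shell
# Added example: pin the server certificate by its fingerprint.
# PINNED_FP is the SHA-1 fingerprint ncat printed in the session above.
PINNED_FP='323A F3B1 4FC7 1B0F F71A 1931 8FF3 62A1 49AC 735A'

# Reduce a fingerprint to bare uppercase hex.
# Accepts ncat's "323A F3B1 ..." and openssl's "sha1 Fingerprint=32:3A:..." forms.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\r\n' | tr '[:lower:]' '[:upper:]'
}

# Succeed only if the first value is a well-formed SHA-1 (40 hex chars)
# and the second normalizes to the same value.
fp_matches() {
    local a b
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Print the SHA-1 fingerprint of the certificate that host $1, port $2 presents.
server_fp() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1 2>/dev/null
}

# Open the ncat session only when the presented certificate matches the pin.
# Returns 2 if no certificate could be read, 1 on a fingerprint mismatch.
pinned_connect() {
    local seen
    seen=$(server_fp "$1" "$2") || return 2
    if fp_matches "$PINNED_FP" "$seen"; then
        ncat --ssl "$1" "$2"
    else
        echo "fingerprint mismatch: got $(normalize_fp "$seen")" >&2
        return 1
    fi
}

# Usage: pinned_connect localhost 30001
```

The fingerprint check and the ncat session are two separate TLS connections, so this confirms which certificate the port serves rather than binding the check to the session that carries the password.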
Commands Covered
ncat -v --ssl host port: connect to a host and port over SSL/TLS