OverTheWire Bandit: Level 15 → Level 16

Technical Note

Context

In the previous level, we connected to port 30000 with nc and sent the password in cleartext. Port 30001, by contrast, tells us, “I only speak encrypted (SSL/TLS),” the same encryption layer that protects HTTPS traffic on the modern web. If you try to connect with nc, it sends plaintext where the server expects an SSL/TLS handshake, so the server can’t make sense of it and drops the connection.

We need a tool capable of performing an SSL “handshake”: OpenSSL.
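What the server sees in each case, as an added example that is not part of the original write-up: it generates a real ClientHello offline with Python's ssl module, parses the 5-byte TLS record header, and applies the same check to a plaintext line such as nc would send. The function names and the sample line are constructed for illustration.

```python
import ssl
import struct

# Constructed sample: a password-like line as nc would send it (not a real password).
PLAINTEXT_SAMPLE = b"constructed-sample-password\n"

# TLS record content types: change_cipher_spec, alert, handshake, application_data.
CONTENT_TYPES = {20, 21, 22, 23}
HANDSHAKE, CLIENT_HELLO = 22, 1


def client_hello_bytes(server_name="localhost"):
    """Return the first bytes a TLS client puts on the wire, generated offline."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is queued, client now waits for ServerHello
    return outgoing.read()


def parse_record_header(data):
    """Parse the 5-byte TLS record header; return None if data cannot be TLS."""
    if len(data) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3 or length > 2**14 + 2048:
        return None
    return {"type": ctype, "version": (major, minor), "length": length}


def is_client_hello(data):
    """True if data starts with a handshake record carrying a ClientHello."""
    hdr = parse_record_header(data)
    return (bool(hdr) and hdr["type"] == HANDSHAKE
            and len(data) > 5 and data[5] == CLIENT_HELLO)


if __name__ == "__main__":
    for label, data in (("TLS client", client_hello_bytes()),
                        ("nc-style plaintext", PLAINTEXT_SAMPLE)):
        print(f"{label:20} first bytes={data[:5].hex()} "
              f"header={parse_record_header(data)} "
              f"client_hello={is_client_hello(data)}")
```

The plaintext line fails at the very first byte, which is why a TLS-only listener gives up on an nc connection before any application data is exchanged.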

Goal

Submit the bandit15 password to localhost port 30001 using SSL.

Solution

We will use the s_client (SSL client) subcommand of the openssl tool. It acts as a generic, terminal-based SSL/TLS client, much as a browser does for HTTPS.

The command:

openssl s_client -connect localhost:30001

When you run this, a lot of information about the certificate chain and handshake will flood the screen.

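Important Note: You might see verify error:num=18:self-signed certificate or CN = SnakeOil. This is normal. The Bandit server uses a self-signed certificate rather than one issued by a certificate authority that browsers trust. OpenSSL warns us “I can’t trust this,” but establishes the connection anyway. That is the default for s_client as a debugging tool: it reports the verification failure and carries on unless you pass -verify_return_error, so a completed connection here says nothing about the server's identity.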

Once the cursor waits, paste the password for Bandit 15 (the one you used to log in to this level) and hit Enter. The server will verify it and respond with the next password.

For a Cleaner Output:

To suppress the certificate details (-quiet):

openssl s_client -quiet -connect localhost:30001
# (Hit Enter, wait for connection, then paste password)
BfMYroe26WYalil77FoDi9qh59eK5xNr

Output:

Correct!
cluFn7wTiGryunymYOu4RcffSxQluehd

New password: cluFn7wTiGryunymYOu4RcffSxQluehd

Key Takeaways

  1. SSL/TLS: Protocols that ensure data privacy and integrity over a network.
  2. openssl s_client: A powerful tool for debugging SSL servers, testing certificates, or manually interacting with encrypted services.