OverTheWire Bandit: Level 16 → Level 17

Technical Note

Context

In this level, we are told that “the next password is on a port between 31000 and 32000.” But which one? And which one speaks SSL?

Instead of looking for a needle in a haystack, we will use a port scanner to find the open doors. Enter Nmap, the legendary network mapping tool.

Goal

  1. Scan the localhost range 31000-32000 to find open ports.
  2. Identify which of these ports supports SSL/TLS.
  3. Connect to the correct service, submit the password, and retrieve an SSH Private Key.
  4. Use this key to log in as bandit17.

Solution

Step 1: Scan for Ports

Let’s use nmap to scan the specified range:

nmap -p 31000-32000 localhost
  • -p 31000-32000: Scan only this range.

Example Output:

PORT      STATE SERVICE
31046/tcp open  unknown
31518/tcp open  unknown
31691/tcp open  unknown
31790/tcp open  unknown
31960/tcp open  unknown

We found 5 open ports. Now, which one is it?

Step 2: Find the SSL Service

We could try them one by one, or use nmap’s -sV (service version) flag. But the simplest way is to try connecting with openssl.

If you connect to the wrong port (non-SSL), it will likely just echo back what you type. The correct port (SSL) will complete the handshake and wait silently.

Let’s assume we identified 31790 as the SSL port (this number might vary!).

openssl s_client -quiet -connect localhost:31790
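
To check every open port in one pass instead of trying them by hand, the script below attempts a TLS handshake on each port and reports whether it completes. This is an added example, not part of the original walkthrough; the names classify_port and tls_ports are hypothetical, and it assumes the lab service uses a self-signed certificate, so certificate verification is switched off.

```python
import socket
import ssl


def _lab_context():
    # Assumption: the lab service presents a self-signed certificate, so
    # verification is off. Keep verification on for anything you must trust.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def classify_port(host, port, timeout=3.0):
    """Return 'closed', 'plain' (open, no TLS handshake) or 'tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    try:
        # wrap_socket performs the handshake. A peer that does not speak TLS
        # makes it fail (garbage reply, reset or timeout), always an OSError.
        with _lab_context().wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:
        return "plain"
    finally:
        raw.close()  # no-op if the TLS wrapper already took over the socket


def tls_ports(host, ports, timeout=3.0):
    """Return the subset of ports on which a TLS handshake completes."""
    return [p for p in ports if classify_port(host, p, timeout) == "tls"]


if __name__ == "__main__":
    # Ports from the example nmap output above; your scan may differ.
    for p in (31046, 31518, 31691, 31790, 31960):
        print(p, classify_port("localhost", p))
```

A port reported as tls only means the handshake completed; you still connect with openssl s_client as shown above to submit the password.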

Step 3: Submit Password & Get Key

Once connected, paste the bandit16 password (cluFn7w...).

If correct, the server will respond with a large block of text:

Correct!
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvmOc...
...
...
-----END RSA PRIVATE KEY-----

This is the password for the next level! Or rather, the login key.

Step 4: Save Key & Login

Copy this text (including the BEGIN and END lines).

Now, let’s apply the “Connect from Local Machine” tactic we learned earlier:

  1. Create a file on your own computer (NOT the Bandit server):
    nano bandit17.key
    # Paste the copied key and save
  2. Lock the permissions (crucial: ssh refuses to use a private key file that other users can read):
    chmod 600 bandit17.key
  3. Connect:
    ssh -i bandit17.key bandit17@bandit.labs.overthewire.org -p 2220

Congratulations, you’re in!

Key Takeaways

  1. Port Scanning (nmap): A critical cybersecurity step to discover open entry points on a network.
  2. Service Discovery: Finding an open port is not enough; you must understand what service (SSL, Echo, HTTP?) is running behind it.
  3. SSH Key (RSA): We practiced key-based authentication, logging in with a private key file instead of a password.