
OverTheWire Bandit: Level 20 → Level 21

Technical Note

Context

In this level, we have a SUID program named suconnect. It does the following:

  1. Connects to a port specified as an argument.
  2. Waits for a password from the other side.
  3. If the received password matches the Bandit 20 password, it sends back the next level’s password.

So far, we’ve always been the client connecting to servers. Now, we will become the server and wait for it to connect to us.

Goal

Create a listener on a localhost port, trigger suconnect to connect to it, and feed it the correct password.

Solution

The easiest way is to use two terminals, but we’ll do it like a pro in a single terminal using Job Control.

Step 1: Set Up the Server (Background)

We’ll use Netcat (nc) to listen (-l) on a port (e.g., 12345). We’ll pipe the current password (GbKks...) into it so it sends it immediately upon connection. Crucially, we’ll put this task in the background (&) so we can keep using the terminal.

echo -n "GbKksEFF4yrVs6il55v6gwY5aVje5f0j" | nc -l -p 12345 &

Command Breakdown:

  • echo -n "...": Print the password (without a trailing newline).
  • | nc -l -p 12345: Take this output and feed it to Netcat listening on port 12345.
  • &: Run this in the background. Give me back my prompt.

You’ll see a job number and a Process ID (PID) like [1] 12345, confirming our server is running in the background.

Step 2: Run the Client

Now, instruct suconnect to connect to our open port:

./suconnect 12345

Step 3: Result

The program connects, our nc sends the password, suconnect verifies it, and… Bingo!

Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Password matches, sending next password
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
[1]+  Done                    echo -n ... | nc -l -p 12345

Alternative Method: Two Terminals

If background processes (&) are confusing, simply open two SSH sessions.

  1. Terminal 1: echo "Password" | nc -l -p 12345
  2. Terminal 2: ./suconnect 12345
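
The exchange from the Solution steps, reproduced on loopback as an added example (not part of the original walkthrough and not suconnect's own code). connect_back is a hypothetical stand-in for suconnect; the passwords are constructed placeholders, and the newline stripping and the FAIL reply are assumptions of the stand-in.

```python
import socket
import threading

CURRENT = b"current-level-password"  # constructed placeholder
NEXT = b"next-level-password"        # constructed placeholder


def read_all(sock):
    """Read until the peer closes its sending side."""
    return b"".join(iter(lambda: sock.recv(4096), b""))


def serve_once(srv, payload, received):
    """Listener role (the part nc -l plays): send payload once, keep the reply."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(payload)
        conn.shutdown(socket.SHUT_WR)  # signal end of data so the client's read returns
        received.append(read_all(conn))


def connect_back(port, expected, reward):
    """Hypothetical stand-in for suconnect: connect, read, compare, reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        got = read_all(s).strip()  # assumption: a trailing newline is ignored
        ok = got == expected
        s.sendall(reward + b"\n" if ok else b"FAIL\n")  # FAIL text is made up
        return ok


def run_exchange(payload):
    """Bind and listen first, then start the client (Step 1 before Step 2)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # loopback only; port 0 lets the OS pick a free port
    srv.listen(1)
    received = []
    worker = threading.Thread(target=serve_once, args=(srv, payload, received), daemon=True)
    worker.start()  # plays the part of "&" in the shell version
    ok = connect_back(srv.getsockname()[1], CURRENT, NEXT)
    worker.join(timeout=5)
    srv.close()
    return ok, received[0]


if __name__ == "__main__":
    print(run_exchange(CURRENT))            # password as sent by echo -n
    print(run_exchange(CURRENT + b"\n"))    # password as sent by plain echo
    print(run_exchange(b"wrong-password"))  # mismatch
```

Binding the socket before the client starts is the same ordering the walkthrough relies on: the listener must already be accepting when the connecting program runs.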

Key Takeaways

  1. Job Control (&): Allows running commands in the background, freeing up the terminal for other tasks.
  2. Reverse Connection: Instead of attacking a target directly, we sometimes force the target to connect back to us (similar to Reverse Shell concepts).