Bandit Level 21 Walkthrough
Level 20 ➔ Level 21: Orchestrating a Network Handshake
1. My Objective
I am currently logged in as bandit20. I have a setuid binary in my home directory that wants to connect to a port on localhost. Once connected, it expects to receive the current password (the one for bandit20). If the password is correct, it will send back the password for bandit21.
The Dilemma: I need to be in two places at once. I need a program Listening on a port to provide the password, and I need to run the Binary to connect to that same port. Since I only have one terminal session, I have to learn how to run tasks in the background.
2. The Feynman Explanation: The Secret Meeting
How do I have a conversation with myself across a wall? I use a trick to make one version of me wait while the other version does the talking.
The Apartment Door Analogy:
Imagine I have a package to deliver, but the delivery man (the Binary) will only give it to me if I'm standing behind a specific door (a Port) and say the secret password.
1. The Listener: First, I go behind the door (Port 1234) and wait. I have my secret word ready to shout. To do this without getting stuck there forever, I "clone" myself so one version of me waits behind the door in the Background.
2. The Connection: Now, as my normal self, I tell the delivery man: "Go to Door 1234 and check the person there."
The delivery man knocks, my background self yells the password, the delivery man is satisfied, and he drops the new package (the next password) right into my hands. This is the logic of Netcat combined with Job Control.
3. Practical Solution
I first ensure I have the password I found in Level 19. I will use nc (Netcat) to listen and the & symbol to push that listener into the background.
# Step 1: Create a listener on a random port (e.g., 1234)
# I echo the current password into nc. The & puts it in the background.
bandit20@bandit:~$ echo "VxCaz929SAb36906sV..." | nc -l -p 1234 &
[1] 12345 (the job number in brackets, then the process ID)
# Step 2: Run the setuid binary and tell it to connect to port 1234
bandit20@bandit:~$ ./suconnect 1234
# The binary connects, gets the password from my listener, and prints the next one:
Read: VxCaz929SAb36906sV...
Password matches, sending next password
gE26Ng6pE6vSAr4S019SAb36906sV...
How the commands worked:
- nc -l -p 1234: I tell Netcat to Listen on Port 1234.
- &: This is the magic character. It tells Linux: "Run this command, but don't wait for it to finish. Give me my prompt back so I can type something else."
- ./suconnect 1234: The binary reaches out to the port I just opened, finds my password waiting there, and rewards me with the next key.
🚀 My Pro Tips: Managing Background Tasks
✨ The 'jobs' Command
If I ever forget what I have running in the background, I simply type jobs. It will show me a list of all active background tasks and their status.
⭐ Bringing Tasks to the Front (fg)
If a background task is stuck and I want to interact with it again, I type fg (Foreground). This "pulls" the task back to my main screen.
🔍 Choosing a Port
I avoid "well-known" ports like 80 or 443 because they are usually in use, and by default Linux only lets root bind ports below 1024. I always pick a high number (between 1024 and 65535). If the terminal says "Address already in use," I just pick another random number like 5678 or 9999.
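The exchange from this level, modelled in Python as an added example (not part of the original walkthrough and not the real suconnect): a background listener offers a password, a hypothetical stand-in for the binary compares it and replies, and binding to port 0 lets the kernel choose a free high port instead of guessing one. The passwords, the FAIL reply and all function names are constructed for illustration.

```python
import socket
import threading

# Constructed placeholders; the real level passwords are not reproduced here.
CURRENT_PW = "current-password-placeholder"
NEXT_PW = "next-password-placeholder"

def open_listener():
    """Bind to port 0 so the kernel picks a free unprivileged port,
    which avoids the "Address already in use" retry."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]

def serve_once(srv, offered, result):
    """Role of `echo PW | nc -l -p PORT &`: accept one client, send the
    offered line, then record whatever the client sends back."""
    conn, _ = srv.accept()
    with conn, conn.makefile() as reader:
        conn.sendall(offered.encode() + b"\n")
        result["reply"] = reader.readline().strip()
    srv.close()

def suconnect_like(port, expected, reward):
    """Hypothetical stand-in for the behaviour the level describes: connect,
    read one line, compare it, send the next password only on a match."""
    with socket.create_connection(("127.0.0.1", port)) as c, c.makefile() as reader:
        got = reader.readline().strip()
        ok = got == expected
        # "FAIL" is a constructed reply, not the real binary's message.
        c.sendall((reward if ok else "FAIL").encode() + b"\n")
        return ok

def run_exchange(offered):
    srv, port = open_listener()
    result = {}
    t = threading.Thread(target=serve_once, args=(srv, offered, result))
    t.start()   # the "&": the listener waits while the main flow continues
    ok = suconnect_like(port, CURRENT_PW, NEXT_PW)
    t.join()    # like `wait`: let the background job finish
    return ok, result["reply"], port

if __name__ == "__main__":
    print(run_exchange(CURRENT_PW))     # matching password
    print(run_exchange("wrong-guess"))  # mismatch: nothing is disclosed
```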
4. Why this matters
I use backgrounding every day. Whether I'm running a long security scan or a web server while I continue to write code, the ability to manage multiple processes in a single terminal is the hallmark of an efficient Linux power user. Understanding how programs "talk" to each other via ports is also fundamental to understanding how the entire internet functions.
Handshake Successful!
I've successfully coordinated a local network connection. I'll save this password and move on to Level 21 ➔ Level 22, where I will encounter the world of automated Cron jobs!
Tags: #Linux #Bandit #OverTheWire #Netcat #Networking #JobControl #BackgroundProcess #CyberSecurity #FeynmanTechnique #CodeWithPritom #ProTips