Bandit Level 15 → Level 16

Level Goal

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…

Commands you may need to solve this level

ssh, telnet, nc, openssl, s_client, nmap

Helpful Reading Material

To obtain the password for the next level, connect to port 30001 of the current level using SSL encryption.

Looking through the "Commands you may need to solve this level",

openssl has an s_client option.

https://kimkmg.tistory.com/44

OpenSSL and s_client

OpenSSL is one of the libraries that implement the SSL/TLS protocol and can encrypt communications and documents. s_client (SSL/TLS client program) is a general SSL/TLS client for connecting to a remote host that uses SSL/TLS

bandit14@bandit:~/.ssh$ openssl s_client localhost:30001
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN = localhost
verify error:num=18:self-signed certificate
verify return:1
depth=0 CN = localhost
verify error:num=10:certificate has expired
notAfter=Nov 14 21:28:40 2023 GMT
verify return:1
depth=0 CN = localhost
notAfter=Nov 14 21:28:40 2023 GMT
verify return:1
---
Certificate chain
 0 s:CN = localhost
   i:CN = localhost
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Nov 14 21:27:40 2023 GMT; NotAfter: Nov 14 21:28:40 2023 GMT
---
Server certificate
subject=CN = localhost
issuer=CN = localhost
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1339 bytes and written 373 bytes
Verification error: certificate has expired
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 10 (certificate has expired)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 376B1A05858513EC8D5259E5770D33FDEC887E074D932D075160097F7066839F
    Session-ID-ctx:
    Resumption PSK: 448ED7C212C91F5FF5F06304A7F93E3FFE2B764697450FF1BA19C0FAE5B8743F6B5F4B13F0A6EC2C9B7E524F5BCA57F6
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1700182691
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 8EA9A947757D4C2B632BE5C1474C8D53900AAA61B6B262074A188581E8C738F2
    Session-ID-ctx:
    Resumption PSK: 5F434F8EE5043076AE0B0D47636FAD326A21939F3C1545FB3AD557A310257BCDA119C5EC33CDC3FBA5C18521932B757C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1700182691
    Timeout   : 7200 (sec)
    Verify return code: 10 (certificate has expired)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
jN2kgmIXJ6fShzhT2avhotn4Zcka6tnt
Correct!
JQttfApK4SeyHwDlI9SXGR50qclOAil1

closed
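The same exchange done programmatically, as an added example that is not part of the original post: the client opens a TLS connection, sends the current password followed by a newline, and reads the reply until the server closes, as it does after "closed" in the transcript above. Because the transcript shows a self-signed and expired certificate (verify return codes 18 and 10), chain verification is disabled and the server certificate's SHA-256 fingerprint is pinned instead when one is supplied; the function and parameter names, and the "Wrong!" reply in the test, are assumptions. A scripted client also avoids s_client's interactive handling of input lines beginning with R, Q or B, which the level note warns about.

```python
import hashlib
import socket
import ssl
from typing import Optional


def parse_bandit_reply(data: bytes) -> Optional[str]:
    """Parse the reply of the port-30001 service.

    The transcript shows a correct password answered with the line
    "Correct!" followed by the next level's password. Returns that
    password, or None when the reply does not start with "Correct!".
    """
    lines = [ln.strip() for ln in data.decode("utf-8", "replace").splitlines()]
    lines = [ln for ln in lines if ln]
    if len(lines) >= 2 and lines[0] == "Correct!":
        return lines[1]
    return None


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_next_password(current_password: str, host: str = "localhost",
                        port: int = 30001, expected_fingerprint: Optional[str] = None,
                        timeout: float = 10.0) -> Optional[str]:
    """Submit the current password over TLS and return the next one.

    The server certificate is self-signed and expired, so normal chain and
    expiry checks cannot pass; instead the DER certificate is pinned by
    fingerprint when expected_fingerprint (hex, optional colons) is given.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if expected_fingerprint is not None:
                seen = sha256_fingerprint(tls.getpeercert(binary_form=True))
                if seen != expected_fingerprint.lower().replace(":", ""):
                    raise ssl.SSLError(f"certificate fingerprint mismatch: {seen}")
            tls.sendall(current_password.encode() + b"\n")
            chunks = []
            while True:  # read until the server closes the connection
                chunk = tls.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
    return parse_bandit_reply(b"".join(chunks))
```

Run it on the bandit host as `fetch_next_password("<level 15 password>")`; pass the fingerprint printed by `openssl x509 -fingerprint -sha256` on the saved server certificate to pin it.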

I don't really understand this.
