Level Goal

the credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. first find out which of these ports have a server listening on them. then find out which of those speak SSL and which don’t. there is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Solution

we will use namp to scan the range of ports and use it’s version detection functionality get more info about what is actually running/listening on those ports.

great!, now we know that the target service is running on port 31790. we will try connecting and providing current level’s password to it using openssl

the service rewarded us with user bandit17’s private key. now we should add this private key to our ssh agent to be able to login as user bandit17. i’ve named the private key file (bandit17.sshkey.private)

and we are done, we should now be able to login to the remote server as user bandit17.