Level Goal

there is a setuid executable in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. it then reads a line of text from the connection and compares it to the password in the previous level (bandit20). if the password is correct, it will transmit the password for the next level (bandit21).

Solution

this challenge is all about shell job control.

so first we will use nc(1) to create a server that listen port 40000 and connects to it with the setuid executable in the home directory.

now we will put the nc(1) process in the foreground and supply the password for user bandit20.

great, we got next level’s password!.