Warning: This post contains a solution!
Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!
Connect to the server using the following credentials:
Level Goal is:
There is a setuid binary in the home directory that does the following: it makes a connection to localhost on the port you specify as a command-line argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21).
NOTE: Try connecting to your own network daemon to see if it works as you think
From the level goal above we know that we need to open a port for the setuid binary to connect to. The binary then waits on that connection for the password of the current level. If the password is correct, it responds with the password for the next level.
So, first we need to open a port (12345 in this example) and send the password through it:
bandit20@bandit:~$ echo GbKksEFF4yrVs6il55v6gwY5aVje5f0j | nc -vlp 12345
listening on [any] 12345 ...
nc is now listening on port 12345; as soon as a connection is established, the password of the current level is piped through it.
Next, open a second terminal/session/tmux window/screen/... and run the setuid binary:
bandit20@bandit:~$ ./suconnect 12345
Read: GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Password matches, sending next password
The transmitted password is correct. The setuid binary responds with the password for the next level:
bandit20@bandit:~$ echo GbKksEFF4yrVs6il55v6gwY5aVje5f0j | nc -vlp 12345
listening on [any] 12345 ...
connect to [127.0.0.1] from localhost [127.0.0.1] 44028
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
Password is: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
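The exchange above, with both sides run in one process, as an added example that is not part of the original post and not the game's own code. suconnect_standin is a hypothetical stand-in for the setuid binary, the passwords and the "FAIL" reply are constructed placeholders, and the listener binds to 127.0.0.1 only, whereas the nc output above shows [any] and nc hands the piped line to whichever client connects first.

```python
import socket
import threading

# Constructed placeholder secrets, not real Bandit passwords.
CURRENT_PW = "current-level-password"
NEXT_PW = "next-level-password"

def serve_once(listener, line):
    """Role of `echo PW | nc -lp PORT`: accept one client, send a line, return its reply."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(line.encode() + b"\n")
        reply = b""
        while chunk := conn.recv(1024):   # read until the client closes
            reply += chunk
    return reply.decode().strip()

def suconnect_standin(port, expected, secret):
    """Hypothetical stand-in for the setuid binary: connect, read a line, compare, answer."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        data = b""
        while not data.endswith(b"\n"):
            chunk = s.recv(1024)
            if not chunk:
                break
            data += chunk
        if data.decode().rstrip("\n") == expected:
            s.sendall(secret.encode() + b"\n")
            return "Password matches, sending next password"
        s.sendall(b"FAIL\n")              # constructed failure reply
        return "Password does not match"

def run_exchange(sent_pw):
    """Run listener and client against each other; return (client status, listener's view)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))       # loopback only; port 0 lets the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}
    t = threading.Thread(target=lambda: result.update(reply=serve_once(listener, sent_pw)))
    t.start()
    status = suconnect_standin(port, CURRENT_PW, NEXT_PW)
    t.join()
    listener.close()
    return status, result["reply"]

if __name__ == "__main__":
    print(run_exchange(CURRENT_PW))
    print(run_exchange("wrong-guess"))
```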