Bandit level 20 is kinda confusing and the formatting of the question is really weird, so let me make it simpler for you.
In the home directory of user bandit 20, there’s a file that has the setuid bit set.
That file is a binary program that connects to a port on the local machine (which is bandit 20) and waits for the bandit 20 password to be sent; if the password is correct, you get the bandit 21 user’s password.
So, in order to do that, we need to open a listening port on the local machine, have the program connect to that port, and then send it the password for the bandit 20 user.
Let’s start by logging into the bandit level 20 machine:
ssh bandit20@bandit.labs.overthewire.org -p 2220
using the password we got from the previous level:
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
Now, let’s open a port on our machine; the easiest way is to use the netcat tool:
nc -lvp 1234
Now let’s open a new terminal tab and log in again to the bandit level 20 machine.
Then let’s start our program and connect it to port 1234:
./suconnect 1234
Now go back to the first terminal, the one we opened with netcat, and paste the current level password; you should get the next level password.
So the next level password will be:
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
In general it’s very easy, but I really feel that the question is worded badly, which makes it a bit hard to understand what exactly they want from you.
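
The exchange described above, as an added Python example that is not part of the original post: one function plays the netcat listener and a stand-in client mimics what the post says suconnect does. The passwords, the FAIL reply and all function names are constructed for illustration.

```python
import socket
import threading

# Constructed placeholder values, not real Bandit passwords.
CURRENT = "current-level-password"
NEXT = "next-level-password"


def fake_suconnect(port, expected, secret):
    """Stand-in for ./suconnect (assumed behaviour): connect to localhost:port,
    read one line, and reply with the secret only if the line matches."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        line = s.makefile("r").readline().strip()
        reply = secret if line == expected else "FAIL"
        s.sendall(reply.encode() + b"\n")


def serve_once(password, start_client):
    """Play the netcat role: listen, send the password to the first client
    that connects, and return the single line it sends back."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        # The client is started only after the listener is ready,
        # the same ordering as the two terminals in the walkthrough.
        client = threading.Thread(target=start_client, args=(port,))
        client.start()
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            conn.sendall(password.encode() + b"\n")
            reply = conn.makefile("r").readline().strip()
        client.join()
        return reply


def run(password):
    """Run one full exchange against the stand-in client."""
    return serve_once(password, lambda p: fake_suconnect(p, CURRENT, NEXT))


if __name__ == "__main__":
    print("correct password ->", run(CURRENT))
    print("wrong password   ->", run("not-the-password"))
```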