Over the Wire - Bandit 17

Bandit 17 Objectives

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Solution

Let's see which ports have anything active:

    bandit16@bandit:~$ nmap localhost -p 31000-32000
    Starting Nmap 7.40 ( https://nmap.org ) at 2019-05-30 20:45 CEST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00021s latency).
    Not shown: 1000 closed ports
    PORT      STATE SERVICE
    31790/tcp open  unknown
    Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

Okay, only one port. Let's see if it is SSL:

    bandit16@bandit:~$ openssl s_client -connect localhost:31790
    CONNECTED(00000003)
    depth=0 CN = localhost
    verify error:num=18:self signed certi