Bandit 21 Objectives There is a setuid binary in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level (bandit20). If the password is correct, it will transmit the password for the next level (bandit21). Solution At first I thought there was already an open port with the application to send the password to. bandit20@bandit:~$ ls suconnect after running nmap and connecting to all the ports, I couldn't find one that would supply the password..... so let's role our own we'll use netcat to setup a listener on a port we create that sends the password when connected to, then point their application in the home directory to connect to it and hopefully get our next password. This does require two ssh sessions SSH Server bandit20@bandit:~$ echo GbKksEFF4yrVs6il55v6gwY5aVje5f0j | netcat
@circusmonkey404 on the twitters; DM for contact