The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.
Helpful note: Getting “HEARTBEATING” and “Read R BLOCK”? Use -ign_eof and read the “CONNECTED COMMANDS” section in the manpage. Next to ‘R’ and ‘Q’, the ‘B’ command also works in this version of that command…
Commands you may need to solve this level: ssh, telnet, nc, openssl, s_client, nmap
So lets see the manpage of s_client to start with. It is an openSSL client and the format is
openssl s_client -connect host:port So lets try this.
The connection is there, lets paste the password op bandit15. It gives us the password of bandit 16!