Similar to the last level, we’re asked to connect to port 30001 on localhost and submit the current password, only this time using ssl. This can be easily accomplished using s_client. As per the hint, we have to specify the -ign_eof switch, otherwise the client seems to disconnnect before getting the reply.

bandit15@bandit:~$ man s_client
bandit15@bandit:~$ openssl s_client -ign_eof -connect 127.0.0.1:30001
CONNECTED(00000003)
depth=0 CN = a9678380ab81
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = a9678380ab81
verify return:1
---
Certificate chain
 0 s:/CN=a9678380ab81
   i:/CN=a9678380ab81
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvjCCAaagAwIBAgIJAO6iKan6EbNwMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV
BAMTDGE5Njc4MzgwYWI4MTAeFw0xNzA2MTUxMTI3MjVaFw0yNzA2MTMxMTI3MjVa
MBcxFTATBgNVBAMTDGE5Njc4MzgwYWI4MTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALOcuRCY9evp5X6Ooe8oyq4qRECAXplyMejybRRPNnRAz+wwRMJs
y/hoHUZVRCVmww95xPdwl1pCiHBGoApvDGMacYS4SH58/76WGfOxBzTat+hdPIzq
H4FZMWbH/H3MzAWvEUmz8uQDlettwIGro7yYT3c1oZ3BBDWTj93769mJ/+FxaVGa
DiwX0l5XGB2qNoDBYwXaIhDa85nu5Sgs+nOYz++3ISafVr0V7XnheS5l0TCqDQRp
HBNwF0V3GFC9RawTIrboe4LJ6ZLDa41jCTUpq1S6Zmwedeqp63D+dnRtGst/l/7g
iVcoeYZmts2LjKc/5FlL4h3vr3O+oiAzFdcCAwEAAaMNMAswCQYDVR0TBAIwADAN
BgkqhkiG9w0BAQsFAAOCAQEAHEh77j3hSkLXLLQ40hvF7HMP5gFl9oj1q45cQblb
zm4nMbmDOeiRclzeZ5JDnfr7W6PXnBfwLR5svhIc9CEtUDc0clJToK0iF8TT8ucy
ZB6F28/PAvTwvpAzIgLj9JnsJU8kJvJA6WCKTz7QJxXVGNT8qbk5DQw1THm0Ed38
U6o3hbqgvP7p5mK5F+m6yuo7oBlsVPu/c4YZJkMbbvf/IxQSD/j8ZPFGYVBdwRIf
FGLZsRlt9CgC/FjYc19XBTe75nqjkxNeuD+6sP7MCn+Pp5j6h6ULthDJaD8dhvDu
IF0zPWm885s6xG6xt74lFp2GOFJyayP0AlRu7iA1uUoS7g==
-----END CERTIFICATE-----
subject=/CN=a9678380ab81
issuer=/CN=a9678380ab81
---
No client certificate CA names sent
---
SSL handshake has read 1682 bytes and written 637 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: D76E31697DFDE7B7C75CA639E5EC867DE9752DD1135380AA4B58ECD66C21BE67
    Session-ID-ctx:
    Master-Key: 3017399D665D26DDDD7CEC7561E9B2A7074D74EC0C35D58638531F610475915FBB008548ACD8099A57FB2767C9B26F2A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1504828427
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
XXXXXXXXXXXXXXXXXXXXXXXXXX (password for bandit15)
Correct!
XXXXXXXXXXXXXXXXXXXXXXXXX (password for bandit16)

read:errno=0
bandit15@bandit:~$