The instructions include a note about how the Docker infrastructure makes this challenge more difficult. We’re told that there’s a setuid binary in our home directory that will connect back to localhost on the port of our choosing. Once it gets a connection, it will expect the program on the other end to give it a string. It will compare this string to the current level 20 password, and if they match, will return the password for level 21.

Supposedly, Docker makes this more difficult because each connection to the server spawns a new environment, which means that setting up a listening program could apparently result in some problems. We cannot set a listening program in one session and then telnet into the same box on another session and invoke the executable. However, I got around this by setting nc listening on a port and appending an ampersand to the command, which has the process continue executing in the background. With the server now waiting, I invoked the program.

bandit20@bandit:~$ cat "/etc/bandit_pass/bandit20" | nc -p 6666 -l&
[1] 112
bandit20@bandit:~$ ./
.cache/    suconnect
bandit20@bandit:~$ ./suconnect 6666
Read: XXXXXXXXXXXXXXXXXXXXXXX
Password matches, sending next password
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
[1]+  Done                    cat "/etc/bandit_pass/bandit20" | nc -p 6666 -l
bandit20@bandit:~$
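
The exchange above, modelled as an added example (not part of the original post and not the wargame's binary): a listener started in the background sends a string, and a client connects back to localhost, compares it and answers. The function names, the "FAIL" reply and both password values are assumptions constructed for illustration.

```python
import socket
import threading

CURRENT = b"constructed-level20-secret"  # constructed sample, not a real password
NEXT = b"constructed-level21-secret"     # constructed sample

def serve_once(srv, payload, received):
    """Listener role (what the backgrounded nc does): send payload, keep the reply."""
    conn, _ = srv.accept()
    with conn:
        conn.sendall(payload)
        conn.shutdown(socket.SHUT_WR)  # nothing more to send; still able to read
        chunks = []
        while data := conn.recv(1024):
            chunks.append(data)
    received.append(b"".join(chunks))

def connect_and_check(port, current, nxt):
    """Client role (hypothetical stand-in for suconnect): read, compare, answer."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        with s.makefile("rb") as f:
            line = f.readline().rstrip(b"\r\n")
        ok = line == current
        s.sendall((nxt if ok else b"FAIL") + b"\n")  # "FAIL" reply is assumed
    return ok

def run_exchange(sent, current=CURRENT, nxt=NEXT):
    """Start the listener first, then connect to it from the same process."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    received = []
    listener = threading.Thread(target=serve_once, args=(srv, sent, received))
    listener.start()  # analogous to the trailing & in the shell session
    ok = connect_and_check(port, current, nxt)
    listener.join()
    srv.close()
    return ok, received[0]

if __name__ == "__main__":
    print(run_exchange(CURRENT + b"\n"))  # matching string
    print(run_exchange(b"wrong\n"))       # mismatching string
```

The listener only receives the next value when the string it sent matches, and it has to be listening before the client connects, which is why the shell session backgrounds nc first.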