OverTheWire.org Walkthrough: Bandit

~ Level 24→25 ~

Level Description

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.

No commands and no links are provided to help solve this level.


Research Before Solving

We are tasked with writing a script that brute-forces a four-digit PIN. To do so, we create a variable holding the range 0-10000 and iterate over each number in that range. For each number, we print the password followed by a space and the number, so that every possible combination is covered. We can then save the output of this script to a file and pass that file to the daemon using nc.


Solution Walkthrough

Log in to the OverTheWire server using bandit24 as the user. We will start by using mkdir /tmp/user to create a directory where our files will reside. Next we can use touch brute.sh comb.txt to create our files.

Now we can use vim brute.sh to write our script. Press i to start editing and write a script as follows:

[Screenshot: brute force script]
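One way to write the generator described under Research Before Solving, as an added example rather than the author's original script. It assumes Python 3 and takes the bandit24 password as the first command-line argument; the names candidate_lines and write_candidates and the default password string are hypothetical placeholders.

```python
#!/usr/bin/env python3
"""Generate one "<password> <pin>" line per 4-digit PIN (added example)."""
import sys

PIN_DIGITS = 4  # the level description specifies a 4-digit pincode


def candidate_lines(password, digits=PIN_DIGITS):
    """Yield "<password> <pin>" for every PIN from 0000 to 9999.

    The PIN is zero-padded: a bare range() value would be written as "7"
    rather than "0007", which is not a 4-digit code.
    """
    if not password or any(ch.isspace() for ch in password):
        # Whitespace inside the password would shift the two fields.
        raise ValueError("password must be a single non-empty token")
    for pin in range(10 ** digits):
        yield "{} {:0{width}d}".format(password, pin, width=digits)


def write_candidates(password, out, digits=PIN_DIGITS):
    """Write all candidate lines to a file object; return the line count."""
    count = 0
    for line in candidate_lines(password, digits):
        out.write(line + "\n")
        count += 1
    return count


if __name__ == "__main__":
    # Assumption: the bandit24 password is passed as the first argument.
    # The default below is a placeholder, not a real password.
    pw = sys.argv[1] if len(sys.argv) > 1 else "BANDIT24_PASSWORD_PLACEHOLDER"
    total = write_candidates(pw, sys.stdout)
    # The summary goes to stderr so it does not end up in comb.txt.
    print("wrote {} lines".format(total), file=sys.stderr)
```

Because the count is written to stderr, redirecting stdout to comb.txt leaves exactly 10000 candidate lines in the file.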

We must now run the script and redirect the results to our file named comb.txt. We used Python to write the script, so the following command should be used to run the program and redirect the output: python brute.sh > comb.txt

If your PC is powerful enough to handle it, we can cat our comb.txt file to make sure the combinations display properly and that all of them were iterated through.

[Screenshots: beginning of combinations printed to screen; end of combinations printed to screen]

Our script was successful! Before passing our combinations file to the daemon listening on port 30002, we must set the permissions so that other users can read the file. We do this with the command chmod 777 comb.txt. Note that mode 777 gives every user read, write and execute access to the file, which is more than read access. The last command to be used is as follows: nc localhost 30002 < comb.txt. This command makes a connection to localhost on port 30002. The < tells the shell to use comb.txt as input after connecting. This sends all possible combinations to the daemon.

[Screenshot: password for bandit25]

While the results print out all of the wrong answers, we are eventually met with the password to bandit25!

Password: uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG