OverTheWire Bandit Level 24->Level 25 - Walkthrough


Introduction

In this post, I will give you a walkthrough of the Bandit wargame Level 24->Level 25. We will use the knowledge from the previous levels to clear the level.

Goal

Get the password for bandit25 from a daemon listening on port 30002. The daemon will send the correct password only when the password for bandit24 is submitted along with a secret numeric 4-digit pincode.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit24
Password - VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar

Theory

We will use the commands grep and netcat, and the basic bash scripting that we learned in the previous levels.

A for-loop in bash has the following syntax:
for i in {1..N}
do
    # something
done

If we want each value of i to have 4 digits, we can write the range with zero-padded bounds, for example {0000..1000}.

The grep command has the option "-v", which prints the lines that do not match the specified pattern.

Solution

SSH in as the user bandit24 using the command "ssh bandit24@bandit.labs.overthewire.org -p 2220" and the above password. First, connect to localhost on port 30002 using netcat and let's see the response. Type the command "nc localhost 30002". Enter the password of bandit24 and a random 4-digit number after a space. Notice the response that we get on entering an incorrect pincode.


The output specifies that we need to enter the password for bandit24 and the pincode separated with a space. If the pincode is incorrect then we get the response as "Wrong! Please enter the correct pincode. Try again."

We will write a for loop which iterates from 0000 to 9999, as these are the possible pincodes. We will then combine the password with the value of i (the pincode) and pass this to netcat using the pipe (|) operator.
Since we have seen above the response to an incorrect pincode, we will use 'grep -v "Wrong!"' to print only those lines which do not contain the specified word. Type the following command to get the password for bandit25:

  • for i in {0000..9999}; do echo "VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i"; done | nc localhost 30002 | grep -v "Wrong!"
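To see how each stage of this pipeline behaves without connecting to the server, the following offline model is an added example, not part of the original walkthrough. The functions candidates, mock_daemon and filter_responses are hypothetical names, and the placeholder passwords, the PIN 0427, the banner text and the success message are constructed for the demo; only the "Wrong!" reply is taken from the response quoted above.

```shell
#!/bin/sh
# Offline model of the pipeline above. Constructed for the demo: the password
# placeholders, the PIN 0427, the banner and the success text.

# Portable equivalent of {0000..9999}: zero-padded brace expansion needs
# bash 4+, while printf '%04d' works in any POSIX shell.
candidates() {
    pw=$1
    i=0
    while [ "$i" -le 9999 ]; do
        printf '%s %04d\n' "$pw" "$i"
        i=$((i + 1))
    done
}

# Stand-in for the daemon on port 30002: one banner, then one reply per
# input line. Only the "Wrong!" message comes from the walkthrough.
mock_daemon() {
    want="$1 $2"
    echo "Enter the password for bandit24 and the pincode, separated by a space."
    while IFS= read -r line; do
        if [ "$line" = "$want" ]; then
            echo "Correct! Next password: PLACEHOLDER_BANDIT25_PASSWORD"
        else
            echo "Wrong! Please enter the correct pincode. Try again."
        fi
    done
}

# Same filter as the walkthrough: keep every line without "Wrong!".
filter_responses() {
    grep -v "Wrong!"
}

# All 10000 candidates go through a single stream, as in the one-liner above.
candidates "PLACEHOLDER_BANDIT24_PASSWORD" |
    mock_daemon "PLACEHOLDER_BANDIT24_PASSWORD" 0427 |
    filter_responses
```

The banner does not contain "Wrong!", so it passes the filter together with the success line; expect it as the first line of output.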

This completes the Level 25 walkthrough. Please explore other ways to clear this level and post your questions in the comment section.
