OverTheWire - Bandit - Level 24 → Level 25
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!
Connect to the server using the following credentials:
Level Goal is:
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
First of all create a temporary folder to work in.
Next, check manually how the daemon is working. To do so, connect to port
telnet or in my case
From the description we know, that we have to send the password from the current level and a 4-digit pincode separated by a space. To brute-force the pincode, we need to know, what the error message looks like. Just enter the password from the current level and a dummy 4-digit pincode and see what happens.
Now we know the error message and can react to it in our brute-force script.
I’ve written the script in python and used the pwntools CTF toolkit for the first time here, but there are tons of other possible solutions.
The script is overengineered for this task, but I wanted to play around with pwntools and Process, after a long long time not using python. I’ve started the
brute function four times and assigned a pincode range to each process to speed up the task. After a short time the password for the next level appears.
SILENT=1 disables the pwntools output that appears every time a connection is established or closed.
Don’t forget to delete the temporary folder: