As the end draws closer for this series, I feel that I have not only learnt so much about what I can and can’t do, but I think I have also improved my writing skills. Anyway, enough about me and back to Bandit level 24, which looks to be the first brute-force level. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 23, give it a quick read, then head back over here.

Level 24

There is a Netcat server running on port 30002 that will give me the bandit25 password if I enter the password for bandit level 24 together with a secret numeric 4-digit passcode. This passcode isn’t saved anywhere, which means a brute-force attack will need to take place.

Let’s Start Hacking Then

As with every level of this series, I need to start with a fresh terminal and initiate an SSH connection to the system.

ssh bandit24@bandit.labs.overthewire.org -p 2220

Once connected, I am prompted for the password from the last level. I enter this and I’m in. Now I can start the process. I know I will need a script to run the attack, however I want to try 0000 anyway. Using Netcat, I connect on port 30002 with the following.

nc localhost 30002

Now connected, I enter the password from the previous level with 0000 on the end, as shown below.

UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ 0000

I instantly receive a message of Wrong. I had already assumed this would be the case, but now I know what will happen for an incorrect guess. Now I need to create a script to run my attack; the file can only be created in the /tmp directory. I run the following to open the new file.

nano /tmp/jrlbyrne-bandit25.sh

Once the file has opened I enter the following code in. It includes a copy of the bandit level 24 password and a for loop to go through all numbers from 0000 to 9999.

#!/bin/bash
# Password for bandit24, followed by every 4-digit passcode from 0000 to 9999
password=UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
for i in {0000..9999}
do
    echo "$password $i"
done

Before the script can be executed I need to make the script executable using chmod.

chmod +x /tmp/jrlbyrne-bandit25.sh

With the script now executable, I can pipe the output of the script into Netcat on port 30002. This will then go through all the numbers until I get a successful message back.

/tmp/jrlbyrne-bandit25.sh | nc localhost 30002

…and Wham! Bam! Thank you ma’am! I have the password now for level 25.
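The loop above succeeds because a 4-digit passcode has only 10,000 values and every guess is accepted on a single connection. The sketch below is an added example, not the level's real daemon or code from this write-up: a stand-in checker with a per-connection attempt cap, fed the same candidate stream. The names `pin_service`, `all_guesses` and `outcome`, and the secret and PIN values, are constructed for illustration.

```shell
#!/bin/sh
# Added example: stand-in for a line-based passcode checker. The secret and
# PIN below are constructed sample values, not the real level's.
SECRET="constructed-sample-password"
PIN="7342"

# pin_service MAX: read "password pin" lines from stdin, answer each one,
# and drop the connection after MAX wrong guesses. MAX=0 means no limit,
# which is the behaviour the write-up relies on.
pin_service() (
    max=$1
    fails=0
    while IFS=' ' read -r pass guess; do
        if [ "$pass" = "$SECRET" ] && [ "$guess" = "$PIN" ]; then
            echo "Correct"
            exit 0
        fi
        echo "Wrong"
        fails=$((fails + 1))
        if [ "$max" -gt 0 ] && [ "$fails" -ge "$max" ]; then
            echo "Too many attempts, closing connection"
            exit 1
        fi
    done
    exit 1
)

# all_guesses: the same candidate stream the write-up's loop produces.
all_guesses() (
    i=0
    while [ "$i" -le 9999 ]; do
        # Stop quietly once the service has closed its end of the pipe.
        printf '%s %04d\n' "$SECRET" "$i" || exit 0
        i=$((i + 1))
    done
)

# outcome MAX: last line the service prints when fed every candidate.
outcome() {
    all_guesses | pin_service "$1" | tail -n 1
}

echo "no limit:      $(outcome 0)"
echo "5 per session: $(outcome 5)"
```

A per-connection cap only helps when paired with a limit per source or per account, since a client can otherwise reconnect and continue.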

Level 24 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.


Justin Byrne
