软件工程 第三周的博客
简要概述 CTF OverTheWire Bandit Level 24
题目
在端口 30002 上有一个守护进程正在监听,如果提供了 bandit24 的密码和一个秘密的 4 位数的数字密码,它将为您提供 bandit25 的密码。除了通过穷举全部 10000 种组合的方式以外,没有其他获得 pincode 的方法,这被称为暴力破解。
大致思路如下:
- 先写一个
script,按要求进行排版输出到stdout - 把输出的 10000 种组合
pipe到netcat监视的localhost:30002进行测试 - 直接输出到
stdout可能会timeout打断进程,所以我们输出到output.txt - 最后
cat文本内容拿到密码
先利用ssh连接到bandit.labs.overthewire.org的服务器,端口号2220,为此我们需要bandit24的密码。
1 | ssh bandit24@bandit.labs.overthewire.org -p 2220 |
以bandit24进入 Level 24 之后先到系统文件夹/tmp下建立本关的临时文件夹。
1 | cd /tmp; mktemp -d |
-d代表directory,即告诉mktemp指令创建的临时文件属性为文件夹
1 | touch script.sh |
touch: 创建文件
chmod-change mode: 改变文档rwx权限
r-read: 读取权限status code为 4w-write: 书写权限status code为 2x-execute: 执行权限status code为 1
进入文本编辑器之后,选定”插入“模式,按i键
首行书写shebang行,选定使用哪个shell来执行该script - 我们选用bash
然后写我们的entity body的代码:
1 |
|
除了语法上微小的一点差异,该题的syntax和C的语法很相像,所以不赘述了。
大致格式就是for [ test statement]; do <command>; done
编辑结束按ESC键回到普通模式,按:,然后输入指令wq,回车保存并退出。
执行script.sh,并把结果pipe到netcat:
1 | ./script.sh | nc localhost 30002 > output.txt |
然后cat output.txt读取文本内容,这是其中的一小部分:
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Wrong! Please enter the correct pincode. Try again.
Fail! You did not supply enough data. Try again.
Correct!
The password of user bandit25 is p7TaowMYrmu23Ol8hiZh9UvD0O9hpx8d
Exiting.