1 00:00:00,390 --> 00:00:06,870 Hi, we are currently inside of Bandit level 24, and in this lecture, we're going to try and go 2 00:00:06,870 --> 00:00:09,050 to Bandit level 25. 3 00:00:09,630 --> 00:00:11,210 So here you go. 4 00:00:11,490 --> 00:00:19,110 It says that a daemon is listening on port 30002 and will give you the password for 5 00:00:19,110 --> 00:00:28,030 Bandit 25 if given the password for Bandit 24 and a secret numeric four digit PIN code. 6 00:00:28,050 --> 00:00:36,740 So we're going to go into this port and we're going to supply the password and a four digit PIN code. 7 00:00:37,650 --> 00:00:39,550 So this is good. 8 00:00:40,020 --> 00:00:46,340 There is no way to retrieve the PIN code except by going through all of the combinations. 9 00:00:46,500 --> 00:00:47,980 So let's try that and see. 10 00:00:48,210 --> 00:00:55,710 I'm going to copy this Bandit level 24 and let me try to copy it one more time. 11 00:00:55,710 --> 00:00:57,660 I believe we couldn't get that one. 12 00:00:57,990 --> 00:01:04,190 So I'm just going to copy this one and come over here and see if we can paste it over there. 13 00:01:04,440 --> 00:01:05,780 Yep, we can paste this. 14 00:01:06,150 --> 00:01:10,680 Of course, it doesn't make sense to enter because it won't do anything. 15 00:01:10,890 --> 00:01:18,900 We have to open a port and at least communicate with the 2002 port and just see how it works. 16 00:01:19,200 --> 00:01:25,560 I believe we're going to have to do some brute forcing as we are instructed over here, because we 17 00:01:25,560 --> 00:01:28,920 don't know anything about that four digit PIN code. 18 00:01:29,130 --> 00:01:33,360 So it's something like one, two, three, four, five, five, five, five. 19 00:01:33,360 --> 00:01:35,100 But we don't know it yet. 20 00:01:35,460 --> 00:01:38,130 So we're going to have to try every combination. 21 00:01:38,490 --> 00:01:40,770 So let me see how this works. 
22 00:01:40,770 --> 00:01:45,050 First, I'm going to create a netcat command over here. 23 00:01:45,510 --> 00:01:46,380 So here you go. 24 00:01:46,380 --> 00:01:47,070 It works. 25 00:01:47,610 --> 00:01:57,420 It asks for the password and it says that I'm the PIN code checker, so I'm going to paste this, not 26 00:01:57,420 --> 00:01:58,980 this, but this. 27 00:01:58,990 --> 00:02:05,820 OK, I'm going to copy this and I'm just going to delete this and I'm going to paste this. 28 00:02:06,240 --> 00:02:07,320 Yeah, I couldn't do that. 29 00:02:07,320 --> 00:02:14,970 Let me try it one more time, paste this, and let me just not give any PIN code and see what happens 30 00:02:14,970 --> 00:02:18,480 or just give one, two, three, four, five, six, something like that. 31 00:02:19,020 --> 00:02:20,100 And here you go. 32 00:02:20,100 --> 00:02:22,920 It says that enter the correct PIN code. 33 00:02:22,920 --> 00:02:25,530 So let me try another one like this. 34 00:02:25,800 --> 00:02:26,820 And here you go. 35 00:02:27,450 --> 00:02:31,800 Yeah, it works, but we don't know the PIN code, so that's the problem over here. 36 00:02:32,550 --> 00:02:38,190 So as you can see, it might take some time because there are a lot of combinations, like ten thousand 37 00:02:38,190 --> 00:02:39,210 combinations. 38 00:02:39,510 --> 00:02:41,670 And we cannot do that. 39 00:02:41,760 --> 00:02:42,360 Right. 40 00:02:42,600 --> 00:02:50,550 We have to write a script in order to make sure we automate that process, and you can find it like that. 41 00:02:50,550 --> 00:02:53,820 But it will take some like hours or something like that. 42 00:02:54,300 --> 00:02:56,880 So let's see if there's Python over here. 43 00:02:56,880 --> 00:03:02,670 Yep, there's a Python and we can use Python in order to create a for loop. 44 00:03:03,270 --> 00:03:08,670 And also we can use actually the bash scripting one more time. 
45 00:03:09,450 --> 00:03:15,270 We already know that we can write bash scripts over here and we can execute them. 46 00:03:15,750 --> 00:03:21,330 And you have seen how to do a for loop in the bash script within the previous lecture. 47 00:03:21,570 --> 00:03:23,010 So let me show you what I mean. 48 00:03:23,010 --> 00:03:25,950 I'm going to go into the tmp folder, OK? 49 00:03:26,430 --> 00:03:32,190 And I'm coming over here because we can write something over there, right? 50 00:03:32,190 --> 00:03:33,810 We can create a new folder. 51 00:03:33,810 --> 00:03:36,630 We can create a new file and execute it. 52 00:03:37,020 --> 00:03:40,230 So I'm going to create another folder like we used to do. 53 00:03:40,230 --> 00:03:45,990 I'm going to create a table or I'm just going to call it twenty four because we are inside of twenty 54 00:03:45,990 --> 00:03:46,500 four. 55 00:03:47,130 --> 00:03:50,430 So I'm inside of until twenty four, OK. 56 00:03:50,760 --> 00:03:53,700 And I'm going to create a new bash script file. 57 00:03:54,120 --> 00:03:57,840 And let me try that nano one more time and see if this works. 58 00:03:57,840 --> 00:04:01,740 myscript.sh, no, it doesn't work. 59 00:04:01,920 --> 00:04:07,470 There is something wrong with nano, I believe, within the system, so I'm going to try with vim. 60 00:04:07,470 --> 00:04:08,460 OK, vim. 61 00:04:08,970 --> 00:04:16,530 And let's call this something else, not myscript, but I say you can call it anything you want. 62 00:04:16,530 --> 00:04:18,270 And vim is another editor. 63 00:04:18,480 --> 00:04:26,250 It's exactly like nano but it's harder to use so I don't use it very often in order to just keep it 64 00:04:26,250 --> 00:04:26,910 simple. 65 00:04:27,480 --> 00:04:30,470 But as you can see, I believe this works. 66 00:04:30,480 --> 00:04:37,590 So if you hit i on your keyboard, you go to the insert mode inside of vim. 
67 00:04:37,890 --> 00:04:43,980 So this is a text as well, as you can see, and we can write whatever we want over there, right? 68 00:04:44,130 --> 00:04:48,300 So it's the same thing, but it's actually harder to use. 69 00:04:48,450 --> 00:04:59,070 So hit i and try to type the shebang, like hash and exclamation point, and you can write /bin/bash over 70 00:04:59,070 --> 00:04:59,490 here. 71 00:05:00,090 --> 00:05:09,930 Like this, so here you go. After the /bin/bash, let me try to copy and paste and see if copying and 72 00:05:09,930 --> 00:05:11,010 pasting works. 73 00:05:11,430 --> 00:05:14,250 So let me come over here and paste this here. 74 00:05:14,280 --> 00:05:14,690 Go. 75 00:05:14,730 --> 00:05:23,760 I believe this is working, so maybe we can make this equal to Bandit 24 password, assign it to a variable, 76 00:05:23,760 --> 00:05:25,070 something like this. 77 00:05:25,440 --> 00:05:27,960 OK, so far so good. 78 00:05:27,960 --> 00:05:30,850 We managed to create a variable over there. 79 00:05:31,440 --> 00:05:33,630 Of course we're going to write the rest. 80 00:05:33,630 --> 00:05:40,680 But for right now, let me test to see if we can save this file. In order to do that, hit escape on 81 00:05:40,680 --> 00:05:41,640 your keyboard. 82 00:05:41,850 --> 00:05:44,250 It will take you out of the insert mode. 83 00:05:44,460 --> 00:05:50,530 Now you can write commands over here at the left bottom side of your screen. 84 00:05:50,850 --> 00:05:53,700 Now I'm going to write colon w 85 00:05:53,790 --> 00:05:58,300 q. So it means to write it and then quit it. 86 00:05:58,570 --> 00:06:06,120 OK, colon wq, and if you hit enter after you write this it will write it and then quit it. 87 00:06:07,790 --> 00:06:11,600 So let me cat that out and see if this works. 88 00:06:11,900 --> 00:06:12,740 Yeah, here you go. 89 00:06:12,740 --> 00:06:13,670 It actually works. 90 00:06:13,700 --> 00:06:15,760 So there was something wrong with nano. 
91 00:06:15,770 --> 00:06:19,810 I don't know what it is, but we can use vim, obviously. 92 00:06:20,300 --> 00:06:25,560 So I'm going to go for one more time and complete my script over there. 93 00:06:26,210 --> 00:06:31,580 And again, you can use Python if you want, but since we have started with bash script, I'm going to 94 00:06:31,580 --> 00:06:33,200 continue with the script. 95 00:06:33,830 --> 00:06:37,630 So I'm continuing with the bash scripting. 96 00:06:37,970 --> 00:06:42,800 And if you run this one more time, you can continue editing your script. 97 00:06:43,160 --> 00:06:46,010 So what I'm going to do, I'm going to create a for loop. 98 00:06:46,460 --> 00:06:54,500 So remember, for loops are loops that you actually run over and over again until the condition is met 99 00:06:54,800 --> 00:06:57,710 and the condition or a range is met. 100 00:06:57,710 --> 00:07:06,110 And the range here will be from one one one one to nine nine nine nine in order to test all the available 101 00:07:06,110 --> 00:07:07,610 digit PIN codes. 102 00:07:07,970 --> 00:07:09,740 So it's written like this. 103 00:07:09,740 --> 00:07:15,800 You have to follow me exactly what I'm writing over here or else it wouldn't work. 104 00:07:16,070 --> 00:07:17,990 So I'm going to call this i. 105 00:07:18,530 --> 00:07:24,040 And inside of the curly braces, I'm going to specify a range. 106 00:07:24,380 --> 00:07:29,470 So our range will be from one one one one to nine nine nine nine. 107 00:07:29,600 --> 00:07:36,920 And I don't know if it's supposed to be from zero zero zero zero, but I'm just going to try it like 108 00:07:36,920 --> 00:07:37,360 this. 109 00:07:37,970 --> 00:07:44,750 So in order to specify a range in bash scripting, you can do it like this: one one one one dot dot nine 110 00:07:44,750 --> 00:07:45,650 nine nine nine. 111 00:07:45,920 --> 00:07:50,030 And then you can say do so. 112 00:07:50,030 --> 00:07:52,130 Don't forget the semicolon over there. 
113 00:07:52,520 --> 00:08:00,740 And after do you can specify what's going to happen inside of this loop every time this loop gets called 114 00:08:01,010 --> 00:08:01,490 again. 115 00:08:01,520 --> 00:08:08,130 All right, echo, OK, and just give the Bandit 24 password over here. 116 00:08:08,540 --> 00:08:12,830 So this is our variable holding that password value for us. 117 00:08:13,070 --> 00:08:17,900 And with a space, you can write something like i over there. 118 00:08:17,900 --> 00:08:22,460 And i stands for the individual PIN that we have at that point. 119 00:08:22,460 --> 00:08:29,930 So i will be one one one one first and then one one one two, one one one three, one one one four, up 120 00:08:29,930 --> 00:08:31,550 until nine nine nine nine. 121 00:08:31,880 --> 00:08:39,140 So it's going to repeat that process again and again until it's finished or until we get the results 122 00:08:39,140 --> 00:08:44,020 back from the server and it get executed and it got canceled. 123 00:08:44,030 --> 00:08:49,220 OK, and we can just write done over here. 124 00:08:49,820 --> 00:08:52,160 And I believe that's our for loop. 125 00:08:52,490 --> 00:08:53,090 Right. 126 00:08:53,630 --> 00:09:01,760 And of course, we are going to have to create a connection between the port that we're trying to send 127 00:09:01,760 --> 00:09:02,460 this to. 128 00:09:02,840 --> 00:09:10,370 So what I'm going to do, I'm going to pipe this, pipe this for loop like that with a piping sign after 129 00:09:10,370 --> 00:09:17,840 done, I'm going to take every input from here and I'm going to pipe this to netcat so that it 130 00:09:17,840 --> 00:09:23,780 can forward this information to the localhost 30002 like this. 131 00:09:24,110 --> 00:09:31,670 OK, so do colon wq and hit enter so it will write and quit. 132 00:09:32,300 --> 00:09:39,080 And if you cat myscript.sh you will see the final result over here. 133 00:09:39,090 --> 00:09:40,670 So far so good. 
134 00:09:41,300 --> 00:09:46,430 Now all we have to do is just make it executable, like chmod seven seven seven 135 00:09:46,430 --> 00:09:53,750 myscript.sh. Now if we run this myscript.sh it will do what we have instructed to do. 136 00:09:54,320 --> 00:10:00,650 So it's going to try every possible PIN code on that port. 137 00:10:00,650 --> 00:10:06,350 So I'm just going to write this dot slash myscript.sh in order to execute this. 138 00:10:06,590 --> 00:10:07,610 And here you go. 139 00:10:07,610 --> 00:10:15,890 It's trying and trying and trying and the connection is closed when we find the correct one. 140 00:10:15,890 --> 00:10:20,450 And here we have the password for the Bandit twenty five. 141 00:10:20,450 --> 00:10:20,990 Yep. 142 00:10:20,990 --> 00:10:22,400 Let's copy this. 143 00:10:22,880 --> 00:10:24,260 See, this is fun. 144 00:10:24,260 --> 00:10:25,430 I told you so. 145 00:10:25,760 --> 00:10:29,900 I'm going to come over here and I know the password that you see. 146 00:10:30,320 --> 00:10:35,210 At least nano works in our own Kali Linux so that we don't have to deal with vim. 147 00:10:35,660 --> 00:10:41,540 So I'm going to come over here to level twenty five and save this and just come out of this. 148 00:10:42,170 --> 00:10:47,180 So right now we know how to go into the Bandit twenty five. 149 00:10:47,480 --> 00:10:52,220 So I'm going to just do it and see if that password is right or not. 150 00:10:53,060 --> 00:10:56,030 And if this is right, we're going to stop here. 151 00:10:56,030 --> 00:10:57,830 Let's just test this. 152 00:10:58,520 --> 00:11:02,090 I'm going to paste a selection and hit enter and here you go. 153 00:11:02,090 --> 00:11:03,110 We are inside. 154 00:11:03,380 --> 00:11:07,040 So I'm going to stop here and continue within the next 155 00:11:07,140 --> 00:11:07,490 lecture.