I’m working on a program that I need to brute force with a 4 pin number in order to get a flag. This is for some Cybersecurity challenges. I was able to create a python script that will print every combination of 4 digits number. However, I don’t know how can I pass that as an argument to the program that I need to brute-force.
I am using Kali linux to run the program and create the script.
#!/usr/bin/python from itertools import product numbers = '0123456789' # chars to look for for length in range(1, 3): # only do lengths of 1 + 2 to_attempt = product(chars, repeat=4) for attempt in to_attempt: print(''.join(attempt))
Any thoughts on how can I pass those results as an argument to the program?
Advertisement
Answer
You’re not trying to pass a python script as an argument, you’re trying to turn the output of your script into arguments to another program.
There are several ways to do this. Probably the most efficient way is to just invoke the program from your Python script instead of printing output.
However, if you want to iterate over the lines output by some program, you can do it as follows:
python script.py | while read -r; do ./program "$REPLY" # or do whatever you want with "$REPLY" done
If all you’re doing in the loop is running a single program, passing lines as arguments can also be done with xargs
instead:
python script.py | xargs -n1 ./program
You probably don’t need your Python script at all. For example, if you just want a list of all four-digit numbers, you can do
seq -w 0 9999
(The -w
option pads 0
to 0000
, 1
to 0001
, etc.)
Combined with xargs
that gives
seq -w 0 9999 | xargs -n1 ./program
Or you could write the whole loop in the shell:
for ((i=0; i<=9999; i++)); do # using printf to pad the number to 4 places ./program "$(printf '%04d' $i)" done