-1

I am not understanding why this code is not sending the correct information to netcat.

Not sure what to try

```
#!/bin/bash

for i in {0000..9999}

do
 echo UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ $i | nc localhost 30002
done
```

Goal is to send a hashed password as well as a 4 digit pin over netcat to port 30002 on localhost. Netcat will return the goal password after receiving the correct password/pin combination.

wiregh0st
  • 1
    Possible duplicate of [How do I write a for loop in bash](https://stackoverflow.com/questions/49110/how-do-i-write-a-for-loop-in-bash) – IoCalisto Jul 15 '19 at 18:35
  • 1
    also, host/port seems in the wrong order. – karakfa Jul 15 '19 at 18:38
  • 5
    Your shell is `/bin/sh` and `{0000..9999}` is something bash understands. Probably you want `#!/bin/bash`. – KamilCuk Jul 15 '19 at 18:39
  • @karakfa edited. it was correct in the bash file, however, I posted it to the site wrong. – wiregh0st Jul 15 '19 at 18:47
  • @KamilCuk I ran it as "bash bash.sh", however, I have edited the file and will edit the post to reflect the change to #!/bin/bash – wiregh0st Jul 15 '19 at 18:53
  • 2
    @wiregh0st Which version of `bash` are you using? Zero-padding of brace expansions wasn't added until bash 4. If you are using an earlier version (such as the one that ships with macOS), then something like `{00..10}` expands to `0 1 2 3 4 5 6 7 8 9 10` instead of `00 01 02 03 04 05 06 07 08 09 10`. – chepner Jul 15 '19 at 18:55
  • @chepner bash version 4.4.12 – wiregh0st Jul 15 '19 at 19:13
  • What's the output of `$i` if you drop the pipe to `nc`? `0 1 2 ...` or `0000 0001 0002`? Or does the loop only run once with `{0000..9999}` as the value of `$i`? – chepner Jul 15 '19 at 19:37
  • "not sending the correct information" - What _is_ it sending? – Dennis Williamson Jul 15 '19 at 20:13

1 Answer

1

Your shebang suggests you are using a shell that doesn't support brace expansion. Use `#!/bin/bash` (or whatever path is correct) if you intend to use bash-specific features. Per your update, it sounds like you are using an older version of bash that doesn't zero-pad the result of a brace expansion.

Brace expansion is typically meant for interactive use, to decrease keystrokes. In a script, either use

```
for ((i=0; i< 10000; i++)); do
  # "$i" supplies the value for %04d (zero-padded to 4 digits)
  printf 'UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ %04d\n' "$i" | nc localhost 30002
done
```

or a POSIX-compliant while loop.

```
i=0
while [ "$i" -lt 10000 ]; do
  # "$i" supplies the value for %04d (zero-padded to 4 digits)
  printf 'UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ %04d\n' "$i" | nc localhost 30002
  i=$((i+1))
done
```
chepner
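An added example, not part of the original question or answer: a POSIX sh check, run without any network connection, that the lines built with `printf '%04d'` are zero-padded whatever the shell's brace-expansion behaviour. The helper names `format_line`, `gen_lines` and `check_lines` are hypothetical; the token string is the one from the question.

```shell
#!/bin/sh
# Added example: builds and validates the lines offline; nothing is sent.

TOKEN='UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ'   # value taken from the question

# format_line N: print "<token> <N zero-padded to 4 digits>".
# Leading zeros are stripped first: printf %d would otherwise read
# "0010" as octal (8) and reject "0008" as an invalid number.
format_line() {
  n=$1
  while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do
    n=${n#0}
  done
  printf '%s %04d\n' "$TOKEN" "$n"
}

# gen_lines FIRST LAST: one formatted line per integer in the range.
gen_lines() {
  i=$1
  while [ "$i" -le "$2" ]; do
    format_line "$i"
    i=$((i+1))
  done
}

# check_lines: read lines on stdin, print how many were read, and
# succeed only if every line is exactly "<token> DDDD".
check_lines() {
  count=0 bad=0
  while IFS= read -r line; do
    count=$((count+1))
    case $line in
      "$TOKEN "[0-9][0-9][0-9][0-9]) ;;
      *) bad=$((bad+1)) ;;
    esac
  done
  echo "$count"
  [ "$bad" -eq 0 ]
}
```

Running `gen_lines 0 9999 | check_lines` prints the line count and returns non-zero if any line is not padded to four digits, which is the symptom an unpadded brace expansion would produce.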