PINsmith
hackthebox
Task: Generate all valid PINs from a template with wildcards and constraints (no adjacent duplicates). Solution: Backtracking algorithm with look-ahead optimization to prune invalid branches early.
PINsmith — HackTheBox
Description
After gaining access to CygnusCorp's internal network, you've uncovered a critical system locked behind a numeric PIN. The catch? Only partial digits are visible, leaving you to piece together the rest. With your mission progressing, every second counts. You can't afford to waste time blindly guessing. Can you use the partial information at hand to orchestrate an educated brute force attack and break into the system before you're caught?
Rules
- Known digits are fixed and must appear in the indicated positions
- Unknown positions are represented by `*`
- Digits may repeat in the PIN, but not in adjacent positions
- Output the valid PINs in ascending lexicographical order
Analysis
The task is a classic combination generation problem with constraints:
- Fixed positions: If a digit is specified in the template, it must remain in its place
- Wildcard positions: The `*` symbol means we need to iterate through all possible digits 0-9
- Adjacency constraint: Adjacent positions cannot contain the same digits
The service works via HTTP API:
- Endpoint: `/run`
- Method: POST
- Format: JSON with `code` and `language` fields
Solution
Using the backtracking algorithm:
...
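The writeup's solution code is not included on this page. As an added example (not the author's code), here is one way to implement the backtracking with look-ahead described above; the function name `generate_pins` and passing the template as a plain string are assumptions.

```python
from typing import Iterator, List

WILDCARD = "*"
DIGITS = "0123456789"


def generate_pins(template: str) -> Iterator[str]:
    """Yield every PIN matching `template` in ascending lexicographic order.

    Fixed digits stay in place, '*' ranges over 0-9, and no two adjacent
    positions may hold the same digit.
    """
    if any(c != WILDCARD and c not in DIGITS for c in template):
        raise ValueError("template may contain only digits and '*'")
    n = len(template)
    # Two equal fixed digits side by side can never be satisfied.
    for a, b in zip(template, template[1:]):
        if a != WILDCARD and a == b:
            return
    current: List[str] = []

    def backtrack(i: int) -> Iterator[str]:
        if i == n:
            yield "".join(current)
            return
        slot = template[i]
        # Iterating DIGITS in order gives lexicographic output for free.
        candidates = DIGITS if slot == WILDCARD else slot
        # Look-ahead: a fixed right-hand neighbour rules out its own digit
        # here, so the branch is pruned before any recursion happens.
        nxt = template[i + 1] if i + 1 < n else WILDCARD
        for d in candidates:
            if current and current[-1] == d:
                continue  # would repeat the digit to the left
            if nxt != WILDCARD and nxt == d:
                continue  # would collide with the fixed digit to the right
            current.append(d)
            yield from backtrack(i + 1)
            current.pop()

    yield from backtrack(0)
```

Because of the look-ahead and the up-front check on fixed neighbours, every partial PIN the search keeps can be completed, so the running time is proportional to the size of the output.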