
OverTheWire - Bandit: Level 22 to Level 23


This time there will be a cron job which can be abused to get to the next password.

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

The cronjob directory contains multiple cronjobs for different levels. For Level 21 there is the following one:

$ cat /etc/cron.d/cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

If we look at the shell script that is executed, we can see that the password is copied to a temporary file, which the script makes world-readable with chmod 644:

$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

Thus, we can simply cat the temporary file to get the password.

$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
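
The same pattern can be searched for from the defender's side: the added example below (not part of the original writeup or of OverTheWire) walks a cron.d-style directory, resolves each job's script, and reports scripts that redirect output into a fixed /tmp path and chmod it readable by everyone. The function name `audit_cron_dir` and its optional path-prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original writeup. Flags cron.d jobs whose
# script redirects output into a fixed /tmp path, and whether it also chmods
# that path readable by "other" (octal modes only).
# Hypothetical names: audit_cron_dir, and its optional second argument, a
# prefix prepended to script paths so a copied tree can be audited offline.
# Usage: sh <this file> /etc/cron.d

audit_cron_dir() (
    cron_dir=$1
    root=${2:-}
    for job in "$cron_dir"/*; do
        [ -f "$job" ] || continue
        # read splits on whitespace without glob-expanding the "*" fields
        while read -r f1 f2 f3 f4 f5 f6 f7 rest; do
            case $f1 in
                ''|'#'*) continue ;;
                @*) user=$f2; script=$f3 ;;   # @reboot <user> <command>
                *)  user=$f6; script=$f7 ;;   # m h dom mon dow <user> <command>
            esac
            [ -n "$script" ] && [ -f "$root$script" ] || continue
            # every fixed /tmp path the script redirects output into
            grep -oE '>>?[[:space:]]*/tmp/[^[:space:];|&]+' "$root$script" |
            sed 's/^>*[[:space:]]*//' |
            while read -r target; do
                # a chmod naming that path whose last octal digit includes read (4)
                if grep -F -- "$target" "$root$script" |
                   grep -Eq 'chmod[[:space:]]+[0-7]*[4-7][[:space:]]'; then
                    echo "WORLD-READABLE $user $script $target"
                else
                    echo "FIXED-TMP-PATH $user $script $target"
                fi
            done
        done < "$job"
    done | sort -u
)

if [ "$#" -gt 0 ]; then
    audit_cron_dir "$@"
fi
```

A `WORLD-READABLE` line is the situation in this level; a `FIXED-TMP-PATH` line means the resulting permissions depend on the umask or an earlier chmod and the script should be reviewed by hand.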

Categories: #/writeups/; #/overthewire/

Tags: #/security/; #/hacking/; #/bash/; #/linux/; #/ctf/