OverTheWire - Bandit: Level 23 to Level 24
Again, and possibly for the next few levels as well, we are going to inspect some cron tasks.
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
The cronjob calls shell script:
1 $ cat /etc/cron.d/cronjob_bandit23
2 @reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
3 * * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
With the shellscript being:
1 $ cat /usr/bin/cronjob_bandit23.sh
2 #!/bin/bash
3
4 myname=$(whoami)
5 mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
6
7 echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
8
9 cat /etc/bandit_pass/$myname > /tmp/$mytarget
The cronjob is executed as bandit23
and thus, the variable myname
will contain bandit23
. To get the target filename we can execute the following shell commands:
1 $ echo I am user bandit23 | md5sum | cut -d ' ' -f 1
2 8ca319486bfbbc3663ea0fbe81326349
And the next password can be found at:
1 $ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
2 QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G