OverTheWire - Bandit - Level 21 → Level 22

Connect to the server using the following credentials:

Server: bandit.labs.overthewire.org
Port: 2220
Username: bandit21
Password: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

The level goal is:

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Check the content of the folder /etc/cron.d/:

bandit21@bandit:~$ ls /etc/cron.d/
cronjob_bandit22  cronjob_bandit23  cronjob_bandit24

There are three files; the first one (cronjob_bandit22) is the relevant one for the current level. Take a look at its content:

bandit21@bandit:~$ cat /etc/cron.d/cronjob_bandit22 
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

A script (/usr/bin/cronjob_bandit22.sh) is executed as user bandit22 once at reboot and then every minute.
Take a look at the content of the script:

bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

The script writes the password for the next level (/etc/bandit_pass/bandit22) to a file in /tmp (/tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv) and sets that file's mode to 644, which makes it readable by every user. We can read it and get the password for the next level:

bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

The password is: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
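
The weakness this level demonstrates, a cron job that copies a secret into a world-readable file under /tmp, can be audited for. The following is an added example, not part of the original walkthrough: it parses cron.d-format files and flags job scripts that redirect into, or chmod for "other", files in shared temp directories. The function names, the scratch directory layout and the hardened.sh job are constructed for illustration.

```shell
#!/bin/sh
# Print "user script" for each job in a cron.d-format directory.
# Line format: five schedule fields (or one @keyword), user, command.
cron_jobs() (
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        while read -r a b c d e user cmd rest || [ -n "$a" ]; do
            case $a in
                ''|'#'*|*=*) continue ;;    # blank, comment, VAR=value
                @*) user=$b; cmd=$c ;;      # "@reboot user command"
            esac
            printf '%s %s\n' "$user" "$cmd"
        done < "$f"
    done
)

# Report script lines that redirect into a shared temp directory, or chmod a
# file there so that "other" can read it (last octal digit 4-7).
TMP_RE='/(tmp|var/tmp|dev/shm)/'
audit_cron_dir() (
    cron_jobs "$1" | sort -u | while read -r user script; do
        [ -r "$script" ] || continue
        grep -nE ">>?[[:space:]]*$TMP_RE|chmod[[:space:]]+[0-7]*[4-7][[:space:]]+$TMP_RE" "$script" |
            while IFS= read -r hit; do printf '%s %s:%s\n' "$user" "$script" "$hit"; done
    done
)

# Constructed sample: the page's cron file and script plus a hypothetical
# hardened job, written under a scratch root. The scripts are never executed.
make_sample() (
    mkdir -p "$1/cron.d" "$1/bin"
    cat > "$1/cron.d/cronjob_bandit22" <<EOF
@reboot bandit22 $1/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 $1/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 $1/bin/hardened.sh
EOF
    cat > "$1/bin/cronjob_bandit22.sh" <<'EOF'
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
EOF
    cat > "$1/bin/hardened.sh" <<'EOF'
#!/bin/bash
umask 077
cat /etc/bandit_pass/bandit22 > "$HOME/.next_pass"
EOF
)

demo=$(mktemp -d) && make_sample "$demo" && audit_cron_dir "$demo/cron.d"; rm -rf "$demo"
```

On a real host, point audit_cron_dir at /etc/cron.d; each reported line has the form "user script:line-number:matching line".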
