OverTheWire - Bandit - Level 23 → Level 24
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!
Connect to the server using the following credentials:
Level Goal is:
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Check the content of the folder /etc/cron.d/:
There are three files, the third one (cronjob_bandit24) is the interesting one for the current level. Take a look at the content:
A script (/usr/bin/cronjob_bandit24.sh) will be executed once on reboot and every minute. Take a look at the content of the script:
As mentioned in line seven, this script is executing all scripts available in the folder ’/var/spool/$myname’ → ’/var/spool/bandit24’ in our case. After executing a script, it deletes the script (line 14).
A temporary folder to save the flag to is needed, first create it and change chmod to 777 (lazy, I know):
Now, move to that temporary directory and create a short shell script, which writes the output of ’/etc/bandit_pass/bandit24’ to ’/tmp/lvl2324/password’:
Copy that shell script file to ’/var/spool/bandit24’:
Wait until the shell script file in the folder is deleted and check the password file:
Don’t forget to delete the temporary folder: