Level21

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Solution

If we look in the /etc/cron.d/ directory we see a cronjob_bandit22 file. Looking at this file we see that it executes the /usr/bin/cronjob_bandit22.sh script. Looking at that script we see that it is writing the contents of the /etc/bandit_pass/bandit22 file to a file in the /tmp directory that has world readable permissions. We can read the contents of this file to get the password for bandit22.

root@0xCAB: /writeups/overthewire/bandit/level21/

$ ll /etc/cron.d
...
-rw-r--r-- 1 root root 120 Sep 1 06:30 cronjob_bandit22
...

$ cat /etc/cron.d/cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

$ ll /usr/bin/cronjob_bandit22.sh
-rwxr-x--- 1 bandit22 bandit21 130 Sep 1 06:30 /usr/bin/cronjob_bandit22.sh*

$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff

$