Level22

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Solution

This is very simailar to the previous level. We can look at the cronjob that is set up for the bandit23 user and see that it is running the /usr/bin/cronjob_bandit23.sh script. If we look at the contents of that script we see that it is creating a filename by hashing the phrase “I am user bandit23” using md5. It is then creating this file in the /tmp directory with the contents of the /etc/bandit_pass/bandit23 file. If we create that same file name then we can read the contents of that file in the /tmp directory.

root@0xCAB: /writeups/overthewire/bandit/level22/

$ ll /etc/cron.d
...
-rw-r--r-- 1 root root 122 Sep 1 06:30 cronjob_bandit23
...

$ cat /etc/cron.d/cronjob_bandit23
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null

$ cat /usr/bin/cronjob_bandit23.sh
#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget

$ echo I am user bandit23 | md5sum
8ca319486bfbbc3663ea0fbe81326349 -

$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G

$