Friday, July 3, 2015

OverTheWire - Bandit - Level 22

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Commands you may need to solve this level

  • cron
  • crontab
  • crontab(5) (use man 5 crontab to access this)

Helpful Reading Material

  • None provided.

Let's start by checking what's in the /etc/cron.d directory.
ls /etc/cron.d
We should see /etc/cron.d/cronjob_bandit22. It's a pretty safe bet that this is the job cron runs for this level, so let's inspect what it does.
cat /etc/cron.d/cronjob_bandit22
We'll see that it calls the script /usr/bin/cronjob_bandit22.sh. Let's see what that does.
cat /usr/bin/cronjob_bandit22.sh
We'll get a script that looks like this:
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
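This tells us where the shell script puts the password. The chmod 644 makes that file readable by every user, and the cat then writes the bandit22 password into it. Let's go read it now.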
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
This will give us the password necessary to log into bandit22.

We can hack our way through this with a single command. Pipe the initial cat of the cron.d/cronjob_bandit22 file into a gawk that prints the path of the shell script in /usr/bin that runs every time the cron job fires, cat that script, and pipe it into a second gawk that prints the location of the /tmp/ file that stores the password, which the final cat reads. In short, it will look like this:
cat /etc/cron.d/cronjob_bandit22 | cat `gawk '{print $7}'` | cat `gawk '{print $4}'`
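The one-liner above only works when the script is field 7 of the cron line and the output file is field 4 of the script line. As an added example (not part of the original post), the same lookup is generalized here into an audit of a cron.d file that also copes with comment, variable and @reboot lines and reports redirect targets whose mode bits let any user read them. The function names and the sample cron file and script are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files below are constructed.

# Command path of each job in an /etc/cron.d-style file (schedule, user, command).
cron_commands() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/               { next }  # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }  # VAR=value lines
        $1 ~ /^@/ { if (NF >= 3) print $3; next }        # @reboot user cmd
        NF >= 7   { print $7 }                           # m h dom mon dow user cmd
    ' "$1" | sort -u
}

# Files a script writes with a space-separated "> file" or ">> file" redirect.
redirect_targets() {
    awk '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == ">" || $i == ">>") print $(i + 1) }
    ' "$1" | sort -u
}

# Report redirect targets of cron-run scripts whose mode grants read to "other".
audit_cron_file() {
    cron_commands "$1" | while read -r cmd; do
        [ -r "$cmd" ] || continue
        redirect_targets "$cmd" | while read -r target; do
            if [ -n "$(find "$target" -prune -perm -004 2>/dev/null)" ]; then
                echo "$cmd writes world-readable $target"
            fi
        done
    done
}

# Constructed stand-in for the level's cron entry and script; prints its directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'MAILTO=root' \
        "@reboot bandit22 $d/job.sh &> /dev/null" \
        "* * * * * bandit22 $d/job.sh &> /dev/null" > "$d/cronjob"
    printf '%s\n' '#!/bin/bash' "chmod 644 $d/out" \
        "cat $d/secret > $d/out" > "$d/job.sh"
    echo 'constructed-secret' > "$d/out"; chmod 644 "$d/out"
    echo "$d"
}

sample=$(make_sample) && audit_cron_file "$sample/cronjob"
```

On a real system, point audit_cron_file at each file in /etc/cron.d; a finding means a scheduled job leaves its output where every local account can read it, which is exactly the condition this level relies on.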
