Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
Commands you may need to solve this level
- cron
- crontab
- crontab(5) (use man 5 crontab to access this
Helpful Reading Material
- None provided.
This one starts out very similar to the previous level. Let's go inspect the /etc/cron.d/ directory for a bandit23 cronjob. And then let's inspect that cronjob.
ls /etc/cron.d/ cat /etc/cron.d/cronjob_bandit23 cat /usr/bin/cronjob_bandit23.shWe'll get another bash script that looks like this:
#!/bin/bash myname=$(whoami) mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1) echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget" cat /etc/bandit_pass/$myname > /tmp/$mytargetAll we really need is the last line with the value of $mytarget substituted in (which will require $myname - which is simply whoami). But let's run $mytarget from the command line to see what it produces.
echo I am user bandit23 | md5sum | cut -d ' ' -f 1I get the following value: 8ca319486bfbbc3663ea0fbe81326349, so we can assume the password is in /tmp/8ca319486bfbbc3663ea0fbe81326349 let's cat that out to see. Use this password to log in to bandit23.
We can run all this in a single command sequence by piping the echo statement to a cat command which utilizes a gawk command to build the tmp directory. It'll look like the following:
echo I am user bandit23 | md5sum | cut -d ' ' -f 1 | cat /tmp/`gawk '{print $1}'`
No comments:
Post a Comment