Kappa
“Great things are not done by impulse, but by a series of small things brought together.”
Host: bandit.labs.overthewire.org
Port: 2220
Level 22
ssh bandit22@bandit.labs.overthewire.org -p 2220
password: WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
Objective:
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
- var_name=var_value - declare a variable
- var_name=$(command) - save output of command as variable
- $var_name - access existing variable
CLI:
bandit22@bandit:~$ ls -la /etc/cron.d
total 56
drwxr-xr-x 2 root root 4096 Oct 5 06:20 .
drwxr-xr-x 106 root root 12288 Oct 5 06:20 ..
-rw-r--r-- 1 root root 62 Oct 5 06:19 cronjob_bandit15_root
-rw-r--r-- 1 root root 62 Oct 5 06:19 cronjob_bandit17_root
-rw-r--r-- 1 root root 120 Oct 5 06:19 cronjob_bandit22
-rw-r--r-- 1 root root 122 Oct 5 06:19 cronjob_bandit23
-rw-r--r-- 1 root root 120 Oct 5 06:19 cronjob_bandit24
-rw-r--r-- 1 root root 62 Oct 5 06:19 cronjob_bandit25_root
-rw-r--r-- 1 root root 201 Jan 8 2022 e2scrub_all
-rwx------ 1 root root 52 Oct 5 06:20 otw-tmp-dir
-rw-r--r-- 1 root root 102 Mar 23 2022 .placeholder
-rw-r--r-- 1 root root 396 Feb 2 2021 sysstat
bandit22@bandit:~$ cat /etc/cron.d/cronjob_bandit23
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
bandit22@bandit:~$ cat /usr/bin/cronjob_bandit23.sh #!/bin/bash myname=$(whoami) mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytargetz
bandit22@bandit:~$ echo I am user bandit23 | md5sum | cut -d ' ' -f 1 8ca319486bfbbc3663ea0fbe81326349
bandit22@bandit:~$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
bandit22@bandit:~$