MayADevBe Blog

A Blog about Computer Science

OverTheWire Bandit Level 21 -> 22 - Walkthrough

Published - 2022-05-09 | 2min

Previous Level: Level 21

Login

SSH: ssh bandit21@bandit.labs.overthewire.org -p 2220

Password: gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr

Task

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

A little bit of Theory

As described in the task, cronjobs are programs running automatically at regular intervals. In Linux, there are multiple folders that can contain these cronjobs: cron.d, cron.daily, cron.hourly, cron.monthly, crontab, cron.weekly. The folders contain files with instructions on how the programs are run. It starts with the first five columns, which indicate at what time/interval the program should be done. Next is the command/program that is to be executed.

Solution

First, we look at what is in the ‘/etc/cron.d’ folder. Specifically, for this level, I looked at the cronjob ‘cronjob_bandit22’.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

bandit21@bandit:~$ ls -la /etc/cron.d
total 36
drwxr-xr-x  2 root root 4096 Jul 11  2020 .
drwxr-xr-x 87 root root 4096 May 14  2020 ..
-rw-r--r--  1 root root   62 May 14  2020 cronjob_bandit15_root
-rw-r--r--  1 root root   62 Jul 11  2020 cronjob_bandit17_root
-rw-r--r--  1 root root  120 May  7  2020 cronjob_bandit22
-rw-r--r--  1 root root  122 May  7  2020 cronjob_bandit23
-rw-r--r--  1 root root  120 May 14  2020 cronjob_bandit24
-rw-r--r--  1 root root   62 May 14  2020 cronjob_bandit25_root
-rw-r--r--  1 root root  102 Oct  7  2017 .placeholder
bandit21@bandit:~$ cat /etc/cron.d/cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

This cronjob runs the /usr/bin/cronjob_bandit22.sh file as bandit22 user. The five stars indicate it is run every minute, every day. To know what exactly is executed, we need to take a look at the bash file.

1
2
3
4

bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

This file creates a file in the ’tmp’ folder and gives read permission to everyone (indicated by the last 4). Then it copies the input of the bandit22 password file into the newly created file.

So the password to the next level is in this created file:

1
2

bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

https://overthewire.org/wargames/bandit/bandit22.html

Next Level: Level 23


Share on:
Comments:
Related Content:
OverTheWire Bandit Level 32 -> 33 - Walkthrough

A walkthrough of Level 32 -> 33 of the Bandit wargame from OverTheWire. - Linux Variables and shell escape.

OverTheWire Bandit Level 31 -> 32 - Walkthrough

A walkthrough of Level 31 -> 32 of the Bandit wargame from OverTheWire. - Git Push, Commit, Ignore, Add.