Previous Level: Level 23
ssh email@example.com -p 2220
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
A little bit of Theory
This level starts the same way as the previous ones. I looked at the cronjobs and what file gets executed.
The script executes and deletes all files in the folder ‘/var/spool/bandit24’. This is the case because it is run as bandit24 user, so the variable ‘myname’ contains the value ‘bandit24’. The for loop goes through the files. The first if statement makes sure the directories ‘.’ and ‘..’, which are representing the current and previous folders, are ignored. Inside the if statement is the code to execute a script, but only if the owner is bandit23. Then the file will be deleted.
Since we are currently logged in as bandit23 user, we can create a script that will give us the password for bandit24. First, create a file in the ’tmp’ folder. This prevents an early deletion of the file and you have a copy in case something went wrong. Then move the file to the folder ‘/var/spool/bandit24’ and it will be executed.
You can either echo the lines in the file or use a text editor like nano or vim. In nano, you can use CTRL+S to save and CTRL+X to quit.
I oriented myself on the previously seen scripts, but there are a lot of methods to write this. The first line is, as always, the shebang, indicating that it is a bash script. The second line writes the password from bandit24 into a file in the created folder.
Now you only need to give the necessary permissions to the folder and the file. Finally, move the file into the correct folder. I also created the output file and gave it full permissions.
Once this is done, you only need to wait for a minute and read the password file. If the file is empty, check the permissions and the script for any writing errors.
Edit (10.02.2023): This level has been slightly changed, the folder - in which the script needs to be copied - changed - this can lead to a Permission Error when trying to use the ‘cp’ command. Make sure to check the cronjob script for the correct folder.
Next Level: Level 25