Level 22¶
Objectives¶
- SSH to
bandit21
- Find out what the cronjob is doing
Objective 1¶
- Username:
bandit21
- Password:
gE269g2h3mw3pwgrj0Ha9Uoqen1c9DGr
- Port:
2220
- IP/Hostname:
bandit.labs.overthewire.org
user@localhost:~$ ssh -p 2220 [email protected]
Success!
Objective 2¶
Now we need to look at the /etc/cron.d/
directory.
bandit21@bandit:~$ ls -latr /etc/cron.d/
total 28
-rw-r--r-- 1 root root 189 Jan 25 2017 atop
-rw-r--r-- 1 root root 102 Oct 7 2017 .placeholder
-rw-r--r-- 1 root root 120 Oct 16 2018 cronjob_bandit22
-rw-r--r-- 1 root root 122 Oct 16 2018 cronjob_bandit23
-rw-r--r-- 1 root root 120 Oct 16 2018 cronjob_bandit24
drwxr-xr-x 88 root root 4096 Aug 3 2019 ..
drwxr-xr-x 2 root root 4096 Dec 4 01:58 .
Now let's see what we can see:
bandit21@bandit:~$ cat /etc/cron.d/*
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# daily restart of atop at midnight
0 0 * * * root if [ -d "/run/systemd/system" ]; then systemctl restart atop; else /usr/share/atop/atop.daily \& ; fi
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
Since our next level is bandit22
, let's see what /usr/bin/cronjob_bandit22.sh
does.
bandit21@bandit:~$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Now let's see what's in /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
bandit21@bandit:~$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI