Bandit level 22 is a continue to Bandit level 21 where you have to check for cronjobs and which commands and programs are running in order to get the next level’s password.
Let’s start by logging into bandit level 22 machine
ssh bandit22@bandit.labs.overthewire.org -p 2220 with the password we get from the previous level
Yk7owGAcWjwMVRwrTesJEwB7WVOiILLIFirst, let’s access cron.d directory
cd /etc/cron.dthen let’s get the content of cronjob_bandit23 file
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/nullnow let’s go and open the program running and see the contents
cat /usr/bin/cronjob_bandit23.sh#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytargetNow let’s analyze the bash script
- first we are getting the current username by using whoami command
- then we are getting md5 hash for our user
- then we copy the password file for our user to a temp file
So the password is being saved in $mytarget variable which is md5sum for the previous command, let’s get what will be the hash for bandit23 by running the second command but with passing bandit23 as the user
echo I am user bandit23 | md5sum | cut -d ' ' -f 1and we will get the following hash
8ca319486bfbbc3663ea0fbe81326349so let’s go and read that file in tmp directory
cat /tmp/8ca319486bfbbc3663ea0fbe81326349and we will get the password for our next level
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
Recent Comments