Bandit Level 22 Solution

Bandit level 22 is a continue to Bandit level 21 where you have to check for cronjobs and which commands and programs are running in order to get the next level’s password.

Let’s start by logging into bandit level 22 machine

ssh -p 2220  

with the password we get from the previous level


First, let’s access cron.d directory

cd /etc/cron.d

then let’s get the content of cronjob_bandit23 file

@reboot bandit23 /usr/bin/  &> /dev/null
* * * * * bandit23 /usr/bin/  &> /dev/null

now let’s go and open the program running and see the contents

cat /usr/bin/

mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)

echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"

cat /etc/bandit_pass/$myname > /tmp/$mytarget

Now let’s analyze the bash script

  • first we are getting the current username by using whoami command
  • then we are getting md5 hash for our user
  • then we copy the password file for our user to a temp file

So the password is being saved in $mytarget variable which is md5sum for the previous command, let’s get what will be the hash for bandit23 by running the second command but with passing bandit23 as the user

echo I am user bandit23 | md5sum | cut -d ' ' -f 1

and we will get the following hash


so let’s go and read that file in tmp directory

cat /tmp/8ca319486bfbbc3663ea0fbe81326349

and we will get the password for our next level