Bandit Level 23 Solution

Bandit level 23 takes you a step further: you are required to get your own bash script run in order to obtain the password for the next level.

So, let’s start by logging into the Bandit level 23 machine:

ssh -p 2220  

using the password we got from the previous level.


Just like in the earlier level, we will go and check the cron.d directory:

cd /etc/cron.d

Then let’s open cronjob_bandit24 and check its content:

@reboot bandit24 /usr/bin/ &> /dev/null
* * * * * bandit24 /usr/bin/ &> /dev/null

Now, let’s go to that file and read it:



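#!/bin/bash
myname=$(whoami)    # user the cron job runs as

cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
    if [ "$i" != "." -a "$i" != ".." ];
    then
        echo "Handling $i"
        owner="$(stat --format "%U" ./$i)"
        if [ "${owner}" = "bandit23" ]; then
            timeout -s 9 60 ./$i    # killed with signal 9 after 60 seconds
        fi
        rm -f ./$i    # removed whether or not it was run
    fi
done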

Now, let’s start analyzing the script:

  • first, we get the current user name
  • second, we change the directory to /var/spool/$myname
  • after that, we go through all the files in that directory (including hidden ones), execute them and remove them after execution
  • inside the for loop, we check whether the owner of the file is bandit23; if so, the file is run under timeout, which kills it with signal 9 if it is still running after 60 seconds
  • then we remove the file that was handled and go on to the next one
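
The loop analysed above, re-created as an added example (not from the original post or from the game itself) that runs only inside a throwaway temporary directory. The names run_spool, make_script and spool_demo, the expected-owner parameter and the sample scripts are assumptions made for illustration; unlike the original loop, it also skips anything that is not a regular file.

```bash
#!/bin/bash
# Added example: sandboxed re-creation of the spool loop. run_spool, make_script,
# spool_demo and every file name below are hypothetical; /var/spool is not touched.

# run_spool DIR EXPECTED_OWNER [LIMIT]: run each file in DIR that is owned by
# EXPECTED_OWNER (killed with signal 9 after LIMIT seconds), then delete
# every file, whether it ran or not. Prints one line per file.
run_spool() (
    cd "$1" || exit 1
    for i in * .*; do
        [ -f "./$i" ] || continue        # skips ".", ".." and unmatched globs
        owner="$(stat -c "%U" "./$i")"   # -c is the short form of --format
        if [ "$owner" = "$2" ]; then
            status=0
            timeout -s 9 "${3:-60}" "./$i" >/dev/null 2>&1 || status=$?
            echo "ran $i status=$status"
        else
            echo "deleted $i without running it (owner=$owner)"
        fi
        rm -f "./$i"
    done
)

# make_script PATH BODY: write an executable one-line script (constructed input).
make_script() {
    printf '#!/bin/sh\n%s\n' "$2" > "$1" && chmod 755 "$1"
}

# spool_demo: build a throwaway spool directory and show the possible outcomes.
spool_demo() {
    box="$(mktemp -d)" && mkdir "$box/spool" || return 1
    me="$(stat -c "%U" "$box/spool")"    # owner of the files created below
    make_script "$box/spool/job.sh"  "echo done > '$box/out'"
    make_script "$box/spool/.hidden" "exit 3"
    make_script "$box/spool/hang.sh" "sleep 30"
    run_spool "$box/spool" "$me" 1             # owner matches: all three run
    make_script "$box/spool/other.sh" "echo never > '$box/out2'"
    run_spool "$box/spool" "someone-else" 1    # owner differs: only deleted
    ls -A "$box"                               # "out" and the now-empty "spool"
    rm -rf "$box"
}

spool_demo
```

The second run shows the point that is easy to miss when reading the loop: a file whose owner does not match is never executed, but it is still removed.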

First, let’s go to that directory:

cd /var/spool/bandit24

and let’s create a script that will get us the password for bandit24:

cat /etc/bandit_pass/bandit24 > /tmp/asd/new

Then, let’s change the permissions to allow it to be executed by anyone:

chmod 777

And don’t forget to change the permissions on the file you want to save the password to, because the script runs as bandit24 and has to be able to write to it:

chmod 666 /tmp/asd/new

You can wait a few seconds, then output the content of the above file, and you should get the next level’s password.