Bandit level 23 will take you to next step where you are required to run your own bash script in order to get the password for the next level.
So , Let’s start by logging into bandit level 23 machine
ssh bandit23@bandit.labs.overthewire.org -p 2220 and with the password we get from the previous level
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0njust like the earlier level, we will go and check cron.d directory
cd /etc/cron.dthen let’s open cronjob_bandit24 and check the content
@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/nullnow, let’s go to that file and read it
#!/bin/bash
myname=$(whoami)
cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
if [ "$i" != "." -a "$i" != ".." ];
then
echo "Handling $i"
owner="$(stat --format "%U" ./$i)"
if [ "${owner}" = "bandit23" ]; then
timeout -s 9 60 ./$i
fi
rm -f ./$i
fi
done
Now, let’s start analyzing the script
- first we will get the current user name
- second we change the directory to /var/spool/
- after that we will execute all files that are in the directory and remove them after execution
- inside the for loop, we will check if the owner is bandit of the file is bandit23 then we will run a command for 60 seconds
- then we remove the file executed and go for the next one
first, let’s go to that directory
cd /var/spool/bandit24and let’s create a script that will get us the password for bandit 24
#!/bin/bash
cat /etc/bandit_pass/bandit24 > /tmp/asd/new Then, let’s change the permission to allow it to be executed by anyone
chmod 777 ourprogram.shand don’t forget to change the permissions to the file you want to save the password to
chmod 666 /tmp/asd/newyou can wait for few seconds, then output the above file content and you should get the next level password
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
Recent Comments