Level: 0→1
Level: 1→2
Level: 2→3
Level: 3→4
Level: 4→5
Level: 5→6
Level: 6→7
Level: 7→8
Level: 8→9
Level: 9→10
Level: 10→11
Level: 11→12
Level: 12→13
Level: 13→14
Level: 14→15
Level: 15→16
Level: 16→17
Level: 17→18
Level: 18→19
Level: 19→20
Level: 20→21
Level: 21→22
Level: 22→23
Level: 23→24
Level: 24→25
Level: 25→26
Level: 26→27
Level: 27→28
Level: 28→29
Level: 29→30
Level: 30→31
Level: 31→32
Level: 32→33
Level: 33→34

~ Level 23→24 ~

Level Description

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

Commands that may be used: cron, crontab, and crontab(5) (use “man 5 crontab” to access this)

Research Before Solving

Research will once again be done during the solution walkthrough.

Solution Walkthrough

Next we will view the contents of the cronjob_bandit24 file with cat.

Next, we must view the contents of the script file with cat /usr/bin/cronjob_bandit24.sh

contents of /usr/bin/cronjob_bandit24.sh

The script starts by navigating to the /var/spool/$myname directory. A statement is then printed to the screen using echo. The next portion creates a loop. For each file within the directory, except for . (current directory) and .. (previous directory), each file will be executed as bandit24 at the top of every minute. The file will then be deleted from the system. Long story short, we need to write a script that can read the password in the /etc/bandit_pass/ directory and then send the output to a file within the /tmp/user directory where we can access it.

To start this process we will create a directory of /tmp/user and then set it's permissions with chmod 777 /tmp/user. This allows all users the ability to write changes to the directory. Navigate to this directory and create two files using touch . Mine are called meow.sh and password.txt respectively. We must use the .sh extension in order for the file to be ran as a script! We must also set permissions here so that the files can be executed or written to by any user, we do this with chmod 777 filename. Next, use vim meow.sh to edit the script file. Hit i to insert and then write a script as follows:

To exit vim, hit esc then type :wq to write the changes and quit. We now need to use cp to copy the shell script to the /var/spool/bandit24 directory so that it may be ran for us! After that is done, simply wait for a minute or two and check the password file we created inside of the /tmp/user directory.

BOOM! The password is there for us as expected: UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

Before moving to the next level, use rm meow.sh password.txt to remove the files we created. Then, move up one directory with cd .. and remove the /user directory with rmdir /tmp/user. You may now move on to the next level!

Previous Level

Next Level