A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
From the level goal, we can first visit /etc/cron.d and find some files. In particular the file named cronjob_bandit22 seem to be the one we might be interested. It shows the location of a cron_job_bandit22.sh script. We once again, look at the script.
cat cronjob_bandit22 * * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null cat /usr/bin/cronjob_bandit22.sh #!/bin/bash chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Someone is dumping the password of bandit22 into a tmp file. We once again cat the tmp file and find the next password.
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI