Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Commands you may need to solve this level: cron, crontab, crontab(5) (use “man 5 crontab” to access this)

Walkthrough
So lets go to the folder of /etc/crond.d cd /etc/crond.d and use ls to see what is in here ls -la. So there is a cronjob for bandit22, bandit23 and bandit24. We probably need the one for bandit22.

Lets see what this cronjob does. cat cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

It runs /usr/bin/cronjon_bandit22.sh, lets cat this file and see. cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

It seems like it changes the permissions of /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv and then cats the output of /etc/bandit_pass/bandit22 to /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv. So it copies the password to /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv. Lets cat this file. cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

It outputs us the password of bandit22: Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI

Leave a Reply

Your email address will not be published. Required fields are marked *