A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
So lets see what script the cronjob is executing
It is executing a file /usr/bin.cronjob_bandit23.sh, lets cat this file
So there are two variables, one is the myname who executes the whoami command and saves it. So this would be the username of the user. The second one is a variable name mytarget wich echoes myname, pipes this to md5sum which makes an md5 hash of the name and then cuts the contents.
Then is copies the passwordfile of the whoami to the mytarget variable, wich is an md5sum of the username.
So lets see what this md5sum does.
echo bandit23 | md5sum
So is there a folder in /tmp with this md5 has? No there is not. I checked the script again, it does not just echo the whoami but also some text. So this changed the hash. Lets do those steps over
echo I am user bandit23 | md5sum
and there is the password: jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n