Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

Commands you may need to solve this level: cron, crontab, crontab(5) (use “man 5 crontab” to access this)

Walkthrough
So lets see what script the cronjob is executing
ls /etc/cron.d

We probably need to see what the script for bandit24 does, just like lasttime.
$ cat /etc/cron.d/cronjob_bandit24
$ cat /usr/bin/cronjob_bandit24.sh

so it executes all scripts in /var/spool/$myname, where myname is the command whoami so this should be bandit24. We know that the script should go in /var/spool/bandit24.

Lets enter our folder in tmp if it still exists.
$ cd /tmp/kadeeli if it doesn’t we make one with $ mkdir

So we can use the script from the last challange and edit it a bit.

#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget

So lets remove the echo we don’t need that and edit the file where he writes the text to. I came up with this:

me=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
cat /etc/bandit_pass/$myname > /tmp/kadeeli/bandit24.txt

Before we move this, we need to make it executable and give everyone permissions. For simplicity lets make it 777
$ chmod 777 bandit24.sh

To be sure lets make the textfile and give it the permissions 777 aswell.
$ touch bandit24.txt
$ chmod 777 bandit24.txt
Also make the tmp folder 777, $ chmod 777 /tmp/kadeeli

Lets do an $ ls -la to see how the files look like in /tmp/kadeeli
Okay the permissions did set, lets copy this file to /var/spool/bandit24/
$ cp /tmp/kadeeli/bandit24.sh /var/spool/bandit24/bandit24kadeeli.sh

Lets see if it did copy
$ ls /var/spool/bandit24
bandit24kadeeli.sh

It did good, now wait for a minute to see if we got something in the bandit24.txt
cat bandit24.txt
It is empty, okaay, lets run this script ourself, it says cat: /etc/bandit_pass/: Is a directory. Lets look at the script again.

We did not copy it right, the first variable is me instead of myname. Lets change me to myname and try it again and we got the password op bandit23. Now lets move it to /var/spool/bandit24 again and wait for a minute.
$ cp /tmp/kadeeli/bandit24.sh /var/spool/bandit24/bandit24kadeeli.sh

Did the contents of bandit24.txt change?
$ cat bandit24.txt
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

There is the password: UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

Leave a Reply

Your email address will not be published. Required fields are marked *