A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
```
> whatis cron
cron (8)             - daemon to execute scheduled commands (Vixie Cron)
> whatis crontab
crontab (1)          - maintain crontab files for individual users (Vixie Cron)
crontab (5)          - tables for driving cron
```
Since we know there is a task being executed by cron, let’s have a look at all the cron jobs on the system
```
bandit22@bandit:~$ ls /etc/cron.d/
cronjob_bandit15_root  cronjob_bandit22  cronjob_bandit24
cronjob_bandit17_root  cronjob_bandit23  cronjob_bandit25_root
```
Since we require the password for bandit23, the task that we are looking for should be cronjob_bandit23
```
bandit22@bandit:~$ cat /etc/cron.d/cronjob_bandit23
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
```
When we look at the cron job for bandit23 we see that there is a shell script that is being executed every second
(For detailed information on the syntax of cron jobs refer to the attached resources)
Let’s have a look at the contents of the script and try to understand what it is trying to do
```
bandit22@bandit:~$ cat /usr/bin/cronjob_bandit23.sh
#!/bin/bash

myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)

echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"

cat /etc/bandit_pass/$myname > /tmp/$mytarget
```
Let’s break down the script line by line
- The output of the whoami command is saved in a variable called “myname” (since this script is being executed for bandit23, the output of whoami is bandit23, which is saved in the “myname” variable)
- Next the sentence “I am user bandit23” is passed to the md5sum command, which will calculate the md5sum of the given string. Lastly, using the cut command, the first field from the output of the md5sum command is selected and saved in the variable “mytarget”
- Then a file is created in the /tmp directory with the name of the file being the same as the value of “mytarget”
- And finally, the password of bandit23 is saved into that file
So looking at this script we can say that our goal is to find the value of “mytarget”. Since we know that the value of “myname” is bandit23, let’s see if we can generate the value of “mytarget”.
```
bandit22@bandit:~$ echo "I am user bandit23" | md5sum | cut -d ' ' -f 1
8ca319486bfbbc3663ea0fbe81326349
```
We have got the value of “mytarget” that the script creates for bandit23. Now that we have the value let’s get the password for bandit23
View the content of the file 8ca319486bfbbc3663ea0fbe81326349 that is present in the /tmp directory
```
bandit22@bandit:~$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
```
And there we go we have the password for the next level !!!
Log out of the current session and start the next level as bandit23
```
> ssh firstname.lastname@example.org -p 2220
This is a OverTheWire game server. More information on http://www.overthewire.org/wargames

email@example.com's password: jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
```
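From the defender's side, the pattern this level relies on (a cron job whose script redirects a secret into /tmp under a name anyone can recompute) is something you can search a host for. The script below is an added example, not part of the original walkthrough or of OverTheWire. The function names, the sample users (usera, userb) and the sample job files are constructed, and it assumes the /etc/cron.d line format shown above (schedule, user, command).

```shell
#!/bin/sh
# Added example: flag cron.d jobs whose script redirects output into a
# world-accessible temp directory, the pattern cronjob_bandit23.sh shows.

# Print "user<TAB>script" for each job line in a cron.d-style directory.
# System crontabs carry a user field: five time fields (or one @keyword),
# then the user, then the command.
list_cron_jobs() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # comments, blank lines
        $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }    # VAR=value settings
        $1 ~ /^@/ { print $2 "\t" $3; next }        # @reboot user command
        NF >= 7   { print $6 "\t" $7 }              # m h dom mon dow user command
    ' "$1"/* | sort -u
}

# Report jobs whose script contains a redirection (> or >>) into /tmp or /var/tmp.
audit_tmp_writes() {
    list_cron_jobs "$1" | while IFS="$(printf '\t')" read -r user script; do
        [ -f "$script" ] || continue
        if grep -Eq '>>?[[:space:]]*"?(/var)?/tmp/' "$script"; then
            printf '%s\t%s\n' "$user" "$script"
        fi
    done
}

# Constructed sample: job_a mirrors the page's script, job_b writes elsewhere.
make_demo() {
    d=$(mktemp -d) && mkdir "$d/cron.d" "$d/bin" || return 1
    printf '%s\n' '#!/bin/bash' 'myname=$(whoami)' \
        'mytarget=$(echo I am user $myname | md5sum | cut -d " " -f 1)' \
        'cat /etc/bandit_pass/$myname > /tmp/$mytarget' > "$d/bin/job_a.sh"
    printf '%s\n' '#!/bin/bash' 'date >> "$HOME/job_b.log"' > "$d/bin/job_b.sh"
    printf '%s\n' "@reboot usera $d/bin/job_a.sh &> /dev/null" \
        "* * * * * usera $d/bin/job_a.sh &> /dev/null" > "$d/cron.d/job_a"
    printf '%s\n' '# hourly' "0 * * * * userb $d/bin/job_b.sh" > "$d/cron.d/job_b"
    echo "$d"
}

# Demo run on the constructed sample: only usera's job_a.sh is reported.
demo=$(make_demo) && audit_tmp_writes "$demo/cron.d"; rm -rf "$demo"
```

On a real host, point `audit_tmp_writes` at /etc/cron.d. A script it reports should write its output with a restrictive umask into a directory only the job's user can read, rather than into /tmp.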