Bandit Level 21 → Level 22

Introduction

Welcome back to the Bandit challenges! In this level, we'll learn how a cron job and the Bash script it runs can expose a password.

Previous Flag

NvEJF7oVjkddltPSrdKEFOllh9V1IBcq

Exploring Cron Jobs

Our path to the next flag begins with exploring the cron jobs on the system. Let's list the contents of the /etc/cron.d/ directory:

ls -la /etc/cron.d/

This reveals the existence of a cron job named cronjob_bandit22.

Analyzing Cron Job Configuration

Let's examine the configuration of cronjob_bandit22:

cat /etc/cron.d/cronjob_bandit22

The output indicates that there's a scheduled job running every minute as bandit22:

* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

Understanding the Script

Next, let's read the script that the cron job runs:

cat /usr/bin/cronjob_bandit22.sh

The script does two things: it sets the permissions of a file in /tmp/ to 644, which makes it readable by every user, and then writes the password for Bandit level 22 into that file.

#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
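
Seen from the defender's side, this level works because a job running as bandit22 writes a secret into a world-readable file in /tmp. The audit script below is an added example, not part of the original walkthrough or of the Bandit game: it parses cron.d entries and flags that pattern in the scripts they run. Its function names and output format are assumptions of the example, and it runs against a constructed sample tree built from the cron entry and script shown above.

```shell
#!/bin/sh
# Added example: flag cron.d jobs whose scripts expose data through /tmp.
TAB=$(printf '\t')

# Print "user<TAB>script" per job. A cron.d line is five schedule fields
# (or one @keyword such as @reboot), then the user, then the command.
cron_jobs() {
  awk 'NF == 0 || $1 ~ /^#/ { next }                 # blank lines, comments
       $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }      # environment lines
       { n = ($1 ~ /^@/) ? 1 : 5
         if (NF >= n + 2) printf "%s\t%s\n", $(n + 1), $(n + 2) }' "$1"
}

# Print "finding<TAB>path" per risky line (octal chmod modes only).
audit_script() {
  awk '# chmod granting read to "other" (last octal digit 4-7) on a /tmp path
       $1 == "chmod" && $2 ~ /^[0-7]?[0-7][0-7][4-7]$/ && $3 ~ /^\/tmp\// {
         printf "world-readable\t%s\n", $3 }
       # output redirection (> or >>) into /tmp
       match($0, />>?[ \t]*\/tmp\/[^ \t;|&]+/) {
         t = substr($0, RSTART, RLENGTH); sub(/^>+[ \t]*/, "", t)
         printf "writes-to-tmp\t%s\n", t }' "$1"
}

# Audit every job under ROOT/etc/cron.d; pass "" as ROOT for the live system.
audit_cron_dir() {
  for f in "$1"/etc/cron.d/*; do
    [ -f "$f" ] || continue
    cron_jobs "$f" | while IFS="$TAB" read -r user script; do
      if [ -r "$1$script" ]; then
        audit_script "$1$script" | while IFS= read -r finding; do
          printf '%s\t%s\t%s\n' "$user" "$script" "$finding"
        done
      fi
    done
  done
}
# Constructed sample tree holding the cron entry and script shown on this page.
make_sample() {
  d=$(mktemp -d) && mkdir -p "$d/etc/cron.d" "$d/usr/bin"
  printf '%s\n' '* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null' \
    > "$d/etc/cron.d/cronjob_bandit22"
  printf '%s\n' '#!/bin/bash' 'chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv' \
    'cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv' \
    > "$d/usr/bin/cronjob_bandit22.sh"
  echo "$d"
}

sample=$(make_sample); audit_cron_dir "$sample"; rm -rf "$sample"
```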

Retrieving the Flag

Now, let's check the contents of the file in /tmp/:

ls -la /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

This should unveil the password for Bandit level 22:

Flag:

WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff