Bandit Level 22 → Level 23
Introduction
In this level, we'll navigate through the uses of cron jobs and bash scripting to find hidden files on a linux system.
Previous Flag
WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
Exploring Cron Jobs
Our first clue leads us to investigate the cron jobs for the bandit23 user. Execute the following command to reveal the contents of the cron file:
cat /etc/cron.d/cronjob_bandit23
This exposes the details of a scheduled task that executes a script at specified intervals.
Decoding the Script
Now, let's inspect the contents of the script executed by the cron job:
cat /usr/bin/cronjob_bandit23.sh
The script is unveiled:
#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget
Breaking it down:
- The script identifies the current user and generates an MD5 hash using a specific string.
- It then echoes the process of copying the password file from
/etc/bandit_pass/$myname
to/tmp/$mytarget
.
Calculating the Hash
To unveil the target file and extract the password, we need to calculate the MD5 hash of "I am user bandit23":
echo I am user bandit23 | md5sum | cut -d ' ' -f 1
This command yields the hash we seek.
Reaping the Rewards
Now, let's retrieve the password from the calculated hash:
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
And there it is, the flag to the next level:
QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G