Bandit Level 22 → Level 23
In this level, we'll navigate through the uses of cron jobs and bash scripting to find hidden files on a linux system.
Exploring Cron Jobs
Our first clue leads us to investigate the cron jobs for the bandit23 user. Execute the following command to reveal the contents of the cron file:
This exposes the details of a scheduled task that executes a script at specified intervals.
Decoding the Script
Now, let's inspect the contents of the script executed by the cron job:
The script is unveiled:
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget
Breaking it down:
- The script identifies the current user and generates an MD5 hash using a specific string.
- It then echoes the process of copying the password file from
Calculating the Hash
To unveil the target file and extract the password, we need to calculate the MD5 hash of "I am user bandit23":
echo I am user bandit23 | md5sum | cut -d ' ' -f 1
This command yields the hash we seek.
Reaping the Rewards
Now, let's retrieve the password from the calculated hash:
And there it is, the flag to the next level: