DEV Community

Christian Paez

Bandit Level 21 Level 22

Introduction

Welcome back, fearless hacker, to the Bandit challenges! In this level, we'll learn to exploit cron jobs and Bash scripts.

Previous Flag

NvEJF7oVjkddltPSrdKEFOllh9V1IBcq

Exploring Cron Jobs

Our path to the next flag begins with exploring the cron jobs on the system. Let's list the contents of the /etc/cron.d/ directory:

ls -la /etc/cron.d/

This reveals the existence of a cron job named cronjob_bandit22.

Analyzing Cron Job Configuration

Let's examine the configuration of the cronjob_bandit22:

cat /etc/cron.d/cronjob_bandit22

The output indicates that there's a scheduled job running every minute as bandit22:

* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

Understanding the Script

cat /usr/bin/cronjob_bandit22.sh

The script does two things: it sets the permissions of a file in /tmp/ to 644, which makes it readable by every user on the system, and then copies the password for Bandit level 22 into that file.

#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

Retrieving the Flag

Now, let's check the contents of the file in /tmp/:

ls -la /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

This should unveil the password for Bandit level 22:

Flag:

WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
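Seen from the defender's side, the weakness in this level is a scheduled job that sets a file in /tmp/ to mode 644 and redirects a secret into it. The audit script below is an added example, not part of the original post or of the Bandit game: it walks a cron.d directory, resolves each job's script and flags lines with that pattern. The function names, the optional ROOT prefix and the SAMPLE_FILE sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag /etc/cron.d-style jobs whose scripts publish data through shared temp
# directories. Each finding is printed as job:user:finding:lineno:line

# check_script SCRIPT USER JOB
check_script() {
    # Output redirected into /tmp or /var/tmp.
    grep -nE '>>?[[:space:]]*(/var)?/tmp/' "$1" |
        sed "s|^|$3:$2:redirect-to-tmp:|"
    # chmod whose last octal digit grants read to "other" on a temp path.
    grep -nE 'chmod[[:space:]]+[0-7]*[4-7][[:space:]]+(/var)?/tmp/' "$1" |
        sed "s|^|$3:$2:world-readable-chmod:|"
    return 0
}

# audit_cron_dir CRON_DIR [ROOT]
# ROOT is a hypothetical prefix so a copied or constructed tree can be audited.
audit_cron_dir() {
    for file in "$1"/*; do
        [ -f "$file" ] || continue
        # cron.d format: five time fields (or one @keyword), user, command.
        while read -r m h dom mon dow user cmd; do
            case $m in
                ''|'#'*|*=*) continue ;;   # blank, comment, VAR=value
                @*) user=$h; cmd=$dom ;;   # @keyword user command
            esac
            script=${cmd%% *}
            if [ -f "${2:-}$script" ]; then
                check_script "${2:-}$script" "$user" "${file##*/}"
            fi
        done <"$file"
    done
    return 0
}

# Constructed sample tree modelled on the job and script shown in this post.
build_sample() {
    mkdir -p "$1/etc/cron.d" "$1/usr/bin"
    printf '%s\n' '* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null' \
        >"$1/etc/cron.d/cronjob_bandit22"
    printf '%s\n' '#!/bin/bash' 'chmod 644 /tmp/SAMPLE_FILE' \
        'cat /etc/bandit_pass/bandit22 > /tmp/SAMPLE_FILE' \
        >"$1/usr/bin/cronjob_bandit22.sh"
}

# Stand-alone use: sh audit.sh /etc/cron.d
if [ "$#" -gt 0 ]; then audit_cron_dir "$@"; fi
```

The two patterns are heuristics, so each finding is a lead for manual review; a job that must hand data to another account is better served by a file created under a restrictive umask in a directory only that account can read.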
