The last level really took it out of me, in a mental capacity. However, looking back at the pattern of the levels it should about time for some easier ones. Hopefully starting with the bandit level 21 level. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 20 write up, give it a quick read then head back over here.

Level 21

In bandit level 21 there is program that runs on a regular interval from cron. What the program is and when it is run is unknown however, all the details needed can be found in the /etc/cron.d/ directory

Let’s Start Hacking Then

The first thing I need to do is initiate a ssh connection to the system. I do this with the following command

ssh bandit21@bandit.labs.overthewire.org -p 2220

Once the connection is started I am prompted for the password, I enter the one I got from the last level and I’m in.

Now I need to have a look at what program is running with cron and what it is doing. To start I have a look at what files are in the cron directory with the following command.

ls /etc/cron.d/

Inside this directory are 4 files, of which one of them is clearly the one that I need to proceed named cronjob_bandit22. This file should give me some more information about what is being run on a regular interval. Using the following command gives me that information

cat /etc/cron.d/cronjob_bandit22

From this I can see that a bash script is being run every minute of every hour of every day and so on as shown by * * * * *. I now need to see what is being done in that script with the following

cat /usr/bin/cronjob_bandit22.sh

From this bash script I can see that the contents of the bandit_pass/bandit22 file is being outputted into a file in the temporary directory. Taking a copy of the file name I run the following command

cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

…and Wham! Bam! Thank you ma’am! I have the password now for level 22.

Level 21 Complete

I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.

Categories:Hacking

Justin Byrne

Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.

0 Comments

Leave a Reply