The last level really took it out of me, in a mental capacity. However, looking back at the pattern of the levels it should about time for some easier ones. Hopefully starting with the bandit level 21 level. If you haven’t had a chance to read my OverTheWire Bandit Write Up – Level 20 write up, give it a quick read then head back over here.
In bandit level 21 there is program that runs on a regular interval from cron. What the program is and when it is run is unknown however, all the details needed can be found in the
Let’s Start Hacking Then
The first thing I need to do is initiate a ssh connection to the system. I do this with the following command
ssh email@example.com -p 2220
Once the connection is started I am prompted for the password, I enter the one I got from the last level and I’m in.
Now I need to have a look at what program is running with
cron and what it is doing. To start I have a look at what files are in the cron directory with the following command.
Inside this directory are 4 files, of which one of them is clearly the one that I need to proceed named
cronjob_bandit22. This file should give me some more information about what is being run on a regular interval. Using the following command gives me that information
From this I can see that a bash script is being run every minute of every hour of every day and so on as shown by
* * * * *. I now need to see what is being done in that script with the following
From this bash script I can see that the contents of the
bandit_pass/bandit22 file is being outputted into a file in the temporary directory. Taking a copy of the file name I run the following command
…and Wham! Bam! Thank you ma’am! I have the password now for level 22.
Level 21 Complete
I have hidden the password here, if you are playing along don’t peek! Please! It’s more fun getting it yourself.
Level 22 password
Justin Byrne is a self motivated tech enthusiasts. Spending more than half his life dedicated to the tech industry. He built his first computer at the age of 11, and has been building ever since. His interests have changed across the years from system building to web programming and even a dab of software engineering, and just like his interests, his operating system has changed sometimes more then 4 times a year.