Labels

OverTheWire Bandit Level 21->Level 22 - Walkthrough

Cybersecurity - OverTheWire Bandit Solutions
OverTheWire Bandit Solutions


Introduction

In this post, I will be giving you a walkthrough to the Bandit wargame Level 21->Level 22. The new concept used in this level is cron jobs. The player needs to have knowledge about cron to clear this level.

Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit21
Password - NvEJF7oVjkddltPSrdKEFOllh9V1IBcq

Theory

cron is a utility in linux which reads the crontab(cron tables) for running predefined scripts. By using a specific syntax, we can schedule cron jobs to run scripts periodically. The syntax for crontab is as below-:

  • minute hour DayOfMonth month DayOfWeek CommandOrScript

For a user to have access to crontab, the user should be added to the file '/etc/cron.allow' by the admin.

chmod is a command used in the script in this level that cron executes periodically. It is used to modify the permissions(read, write and execute) associated with a file.

Linux permissions can be represented in numbers where the first digit is for owner permissions, second for group permissions and the third is for other users. The numeric values for the permissions are as follows-:

  • r(read): 4
  • w(write): 2
  • x(execute): 1

So if the permissions are 644, it will be understood as read and write permission for owner, read permission for group and for all the other users.

Solution

SSH into the user bandit21 using the command "ssh bandit21@bandit.labs.overthewire.org -p 2220" and the above password. Navigate to the directory /etc/cron.d and see the files present. We will check specifically "cronjob_bandit22" for this level. Type the commands-:

  • cd /etc/cron.d
  • ls
  • cat cronjob_bandit22

This cronjob runs the /usr/bin/cronjob_bandit22.sh file as bandit22 user. Therefore, we will see the bash file contents. Type the command "cat /usr/bin/cronjob_bandit22.sh".

The script creates a file in the /tmp folder and gives 644 permissions. Further, it copies the input of the file /etc/bandit_pass/bandit22 into the newly created file.

Type the command "cat /tmp/t706lds950RqQh9aMcz6ShpAoZKF7fgv" to get the password.

This clears the Level 22 walkthrough. Please post your questions and suggestions in the comments.

Labels:

Comments

Post a Comment

Popular Posts