OverTheWire Bandit Level 22->Level 23 - Walkthrough



Introduction

In this post, I will walk you through the Bandit wargame Level 22->Level 23. The player needs to apply what was learned about cron in the previous level and have some knowledge of variables in shell scripting.

Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Login Details

Server - bandit.labs.overthewire.org
Port - 2220
Username - bandit22
Password - WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff

Theory

In the previous level, I explained cron. The new concept needed to clear this level is variables in shell scripting.

A shell variable is a named character string that stores a value. The value could be an integer, a filename, a string or the output of a shell command. It is basically a pointer to the actual data stored in memory. Syntax for defining a variable to store a value or the output of a command (with no spaces around the = sign) -:

  • VariableName=Value
  • VariableName=$(command)

To access the value of an existing variable, the syntax is -:

  • $VariableName

Solution

SSH into the user bandit22 using the command "ssh bandit22@bandit.labs.overthewire.org -p 2220" and the above password. Navigate to the directory /etc/cron.d and see the files present. We will check specifically "cronjob_bandit23" for this level. Type the commands-:

  • cd /etc/cron.d
  • ls
  • cat cronjob_bandit23

The cronjob runs the /usr/bin/cronjob_bandit23.sh file as the bandit23 user. Therefore, we will look at the contents of that bash script. Type the command "cat /usr/bin/cronjob_bandit23.sh".

The last line of the script is similar to the one we saw in the previous level. It copies the password from a file and pastes it in another file. 

The variable "myname" stores the output from the command "whoami". Since the script will be run as user bandit23, the variable will have the value bandit23.
Another variable, "mytarget", stores the output from a command. The md5sum command computes and checks MD5 hashes, a fixed-length fingerprint of the input. The cut command slices each line of input and extracts part of it; with -d ' ' -f 1 it keeps only the first space-separated field, which is the hash itself.

Therefore, the password will be copied from the file /etc/bandit_pass/bandit23 and will be written to a file in the /tmp folder. To get the file name in which the password will be pasted, we need to replace $myname with bandit23 and execute the command. Type the command "echo I am user bandit23 | md5sum | cut -d ' ' -f 1".

Now, type the command "cat /tmp/8ca319486bfbbc3663ea0fbe81326349" to get the password.
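
The file-name derivation described above, as an added example (it is not the script from the level, and the function names are hypothetical). It shows that the name depends only on the user name, and contrasts that with mktemp, which creates a randomly named file readable only by its owner. It assumes md5sum and mktemp from GNU coreutils are installed.

```shell
#!/bin/sh
# Added example; predictable_target, safe_target and file_mode are
# hypothetical names, not part of the Bandit script.

# Same derivation the walkthrough describes: the file name is the MD5
# of a fixed sentence plus the user name, so any local user who knows
# the user name can compute it.
predictable_target() {
    echo "I am user $1" | md5sum | cut -d ' ' -f 1
}

# Safer pattern for a script that must stage a secret in a temp dir:
# mktemp chooses a random name and creates the file with mode 0600.
safe_target() {
    mktemp "${TMPDIR:-/tmp}/passcopy.XXXXXXXXXX"
}

# Permission string of a file, e.g. "-rw-------".
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Show both behaviours side by side.
demo() {
    echo "predictable name : /tmp/$(predictable_target bandit23)"
    f=$(safe_target)
    echo "mktemp name      : $f ($(file_mode "$f"))"
    rm -f "$f"
}
demo
```

A script that writes a secret to a name produced by safe_target, and passes that path only to the intended reader, leaves nothing for another user to compute or read.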

This completes the Level 23 walkthrough as we have got the password. Please post your comments and suggestions in the comments.
