Bandit23
Website URL: http://overthewire.org/wargames/bandit/bandit23.html
Let’s log into the game server as bandit22.
Task for this one:
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
Let’s see the directory contents
ls /etc/cron.d
It seems that cronjob_bandit23 is the relevant file. Let’s see its contents.
Now let’s look at this script.
cat /usr/bin/cronjob_bandit23.sh
The script at /usr/bin/cronjob_bandit23.sh seems to be working as follows.
- Assigns the result of whoami command to myname
- Generates a string and then generates a MD5 hash of it
- Then it saves the password to a file with having the hash as its name
Noticing the last name, we can figure out that myname is bandit23. Now as to finding the string, lets execute the statement to generate the filename.
echo I am user bandit23 | md5sum
Now, let’s see if there is a file in /tmp directory with this filename 8ca319486bfbbc3663ea0fbe81326349
cat /tmp/8ca319486bfbbc3663ea0fbe81326349Mission accomplished!