DEV Community

Cover image for Bandit Level 21 Level 22
Christian Paez
Christian Paez

Posted on

1

Bandit Level 21 Level 22

Introduction

Welcome back, fearless hacker, to the Bandit challenges! In this level, we'll learn to exploit cron jobs and bashscript files.

Previous Flag

NvEJF7oVjkddltPSrdKEFOllh9V1IBcq
Enter fullscreen mode Exit fullscreen mode

Exploring Cron Jobs

Our path to the next flag begins with exploring the cron jobs on the system. Let's list the contents of the /etc/cron.d/ directory:

ls -la /etc/cron.d/
Enter fullscreen mode Exit fullscreen mode

This reveals the existence of a cron job named cronjob_bandit22.

Analyzing Cron Job Configuration

Let's examine the configuration of the cronjob_bandit22:

cat /etc/cron.d/cronjob_bandit22
Enter fullscreen mode Exit fullscreen mode

The output indicates that there's a scheduled job running every minute as bandit22:

* * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
Enter fullscreen mode Exit fullscreen mode

Understanding the Script

cat /usr/bin/cronjob_bandit22.sh

Enter fullscreen mode Exit fullscreen mode

The script does two things: it changes the permissions of a file in /tmp/ and then copies the password for Bandit level 22 into that file.

#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Enter fullscreen mode Exit fullscreen mode

Retrieving the Flag

Now, let's check the contents of the file in /tmp/:

ls -la /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Enter fullscreen mode Exit fullscreen mode

This should unveil the password for Bandit level 22:

Flag:

WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
Enter fullscreen mode Exit fullscreen mode

Heroku

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

Top comments (0)

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more