{"id":832,"date":"2015-03-08T18:56:12","date_gmt":"2015-03-08T18:56:12","guid":{"rendered":"https:\/\/www.hackmethod.com\/?p=832"},"modified":"2022-06-03T05:39:11","modified_gmt":"2022-06-03T05:39:11","slug":"overthewire-bandit-22","status":"publish","type":"post","link":"https:\/\/hackmethod.com\/overthewire-bandit-22\/","title":{"rendered":"OvertheWire – Bandit 22"},"content":{"rendered":"

[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.22″][et_pb_row admin_label=”row” _builder_version=”3.25″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text admin_label=”Text” _builder_version=”4.7.5″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” hover_enabled=”0″ sticky_enabled=”0″]Recap of Level 21:<\/strong> Learned about creating a simple data communication link between hosts.
<\/strong><\/p>\n

 <\/p>\n

Bandit Level 22<\/strong><\/a><\/p>\n

Objective:<\/strong><\/h4>\n

Find the password to the next level<\/p>\n

Intel Given:<\/strong><\/h4>\n

A program is running automatically at regular intervals from cron<\/b>, the time-based job scheduler. Look in \/etc\/cron.d\/<\/b> for the configuration and see what command is being executed.<\/p>\n

<\/p>\n

How to:<\/strong><\/h4>\n

Our intel seems pretty straightforward for this level. There\u2019s a script in cron, the script scheduler that let\u2019s users and programs create and select scripts and programs to execute at a certain time, that contains the password. Cron can be used to schedule things to run daily, weekly, monthly, or hourly. It is a powerful tool to automatically set up backups, download and install updates, and anything else that needs to be run at a certain time. Our intel suggests that we should look in the cron directory so let\u2019s take a look.<\/p>\n

\"bandit22-1\"<\/a><\/p>\n

cronjob_bandit22 looks promising so let\u2019s open it up. Cron\u2019s format is a little unorthodox so let\u2019s take a look. there are 5 spaces for specifying what time to run the script or program. If the space isn\u2019t needed a star is used as a placeholder. The first position is used to denote , the minute using a value between 0-59. The second one is hour, using the 24 hour clock, meaning values between 0-23. The third place is used for day of the month, \u00a0using values ranging from 1-31. The fourth space is month, specified by numbers between 1-12. The fifth position is used for day of the week, depending on the distribution 0 or 7 could be Sunday, I recommend checking on any distribution that you\u2019re not sure about. The next part of a cron job is the username that executes the job. The final part of the cron job command is the script or program that is to be executed.<\/p>\n

If you\u2019re having trouble visualizing this here\u2019s a graphic from adminschoice.com<\/p>\n

* \u00a0\u00a0\u00a0 * \u00a0\u00a0 * \u00a0\u00a0 * \u00a0\u00a0\u00a0 * \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0command to be executed
– \u00a0\u00a0\u00a0 –\u00a0\u00a0\u00a0 – \u00a0\u00a0 – \u00a0\u00a0 –
| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 |\u00a0\u00a0\u00a0 |
| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 |\u00a0\u00a0\u00a0 +—– day of week (0 – 6) (Sunday=0)
| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 +——- month (1 – 12)
| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 +——— day of \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0month (1 – 31)
| \u00a0\u00a0\u00a0 +———– hour (0 – 23)
+————- min (0 – 59)<\/p>\n

There\u2019s also a tool for showing what a proper cron configuration should look like for whatever you would like at corntab.com http:\/\/www.corntab.com\/pages\/crontab-gui<\/a>.\u00a0Edit: User Christian has emailed us and told of us another cool alternative\u00a0http:\/\/crontab.guru\/<\/a><\/em><\/p>\n

Now that we know the basics of cron let\u2019s take a look at the script we have at hand.<\/p>\n

\"bandit22-2\"<\/a><\/p>\n

Looks like this script is set to run every minute of every hour of every day of the month of every month and every day of the week. If this had been a resource intense one like a backup across a network it could cause some serious problems. I have a feeling, however that it is pretty small and doesn\u2019t take up a lot of resources. So to further investigate let\u2019s see what the script does.<\/p>\n

\"bandit22-3\"<\/a><\/p>\n

looks like this script changes the file permissions of a file in the \/tmp\/ directory to enable the read and write permission for the user, and read permission for the group and everyone else. The \/tmp directory is similar to the temp file folder in Windows, it\u2019s used to create random directory and file names for use in programs and scripts. The second line in the script looks like it reads the file bandit22 in the \/etc\/bandit_pass\/ directory and then uses the greater than sign (>). In Linux this is used to write text from one file to another, so the file bandit22 is essentially being copied to the \/tmp\/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv file. If we wanted to write more than one file to a file we would have to add another of the brackets like so >>, this tells the shell that instead of writing over the file to add them to the bottom of the file. This technique is mostly used to write outputs to logs that otherwise would go to the standard output. Anyway let\u2019s find that password.<\/p>\n

The script wrote it to the file in the \/tmp\/ directory so let\u2019s try to cat it.<\/p>\n

\"bandit22-4\"<\/a><\/p>\n

Alright looks good!<\/p>\n

Conclusion:<\/strong><\/h4>\n

We learned about how cron works, a little bit about scripts, and how to write files using cat.<\/p>\n

[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.7.5″ _module_preset=”default” column_structure=”1_2,1_2″][et_pb_column _builder_version=”4.7.5″ _module_preset=”default” type=”1_2″][et_pb_image src=”https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Previous.png” _builder_version=”4.7.5″ _module_preset=”default” alt=”Previous Level” title_text=”Previous” url=”https:\/\/hackmethod.com\/overthewire-bandit-21″ hover_enabled=”0″ sticky_enabled=”0″][\/et_pb_image][\/et_pb_column][et_pb_column _builder_version=”4.7.5″ _module_preset=”default” type=”1_2″][et_pb_image src=”https:\/\/hackmethod.com\/wp-content\/uploads\/2020\/12\/Next.png” _builder_version=”4.7.5″ _module_preset=”default” alt=”Next Level” title_text=”Next” url=”https:\/\/hackmethod.com\/overthewire-bandit-23″ align=”right” hover_enabled=”0″ sticky_enabled=”0″][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"

Recap of Level 21: Learned about creating a simple data communication link between hosts.   Bandit Level 22 Objective: Find the password to the next level Intel Given: A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in \/etc\/cron.d\/ for the configuration and see what command is being executed. […]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"Recap of Last\u00a0Lesson<\/a>:<\/strong> Learned about creating a simple data communication link between hosts\r\n<\/strong>\r\n\r\nBandit Level 22<\/strong><\/a>\r\n\r\nObjective<\/strong>\r\n\r\nFind the password to the next level\r\n\r\nIntel Given<\/strong>\r\n\r\nA program is running automatically at regular intervals from cron<\/b>, the time-based job scheduler. Look in \/etc\/cron.d\/<\/b> for the configuration and see what command is being executed.\r\n\r\n\r\n\r\nHow to<\/strong>\r\n\r\nOur intel seems pretty straightforward for this level. There\u2019s a script in cron, the script scheduler that let\u2019s users and programs create and select scripts and programs to execute at a certain time, that contains the password. Cron can be used to schedule things to run daily, weekly, monthly, or hourly. It is a powerful tool to automatically set up backups, download and install updates, and anything else that needs to be run at a certain time. Our intel suggests that we should look in the cron directory so let\u2019s take a look.\r\n\r\n\"bandit22-1\"<\/a>\r\n\r\ncronjob_bandit22 looks promising so let\u2019s open it up. Cron\u2019s format is a little unorthodox so let\u2019s take a look. there are 5 spaces for specifying what time to run the script or program. If the space isn\u2019t needed a star is used as a placeholder. The first position is used to denote , the minute using a value between 0-59. The second one is hour, using the 24 hour clock, meaning values between 0-23. The third place is used for day of the month, \u00a0using values ranging from 1-31. The fourth space is month, specified by numbers between 1-12. The fifth position is used for day of the week, depending on the distribution 0 or 7 could be Sunday, I recommend checking on any distribution that you\u2019re not sure about. The next part of a cron job is the username that executes the job. The final part of the cron job command is the script or program that is to be executed.\r\n\r\nIf you\u2019re having trouble visualizing this here\u2019s a graphic from adminschoice.com\r\n\r\n* \u00a0\u00a0\u00a0 * \u00a0\u00a0 * \u00a0\u00a0 * \u00a0\u00a0\u00a0 * \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0command to be executed\r\n- \u00a0\u00a0\u00a0 -\u00a0\u00a0\u00a0 - \u00a0\u00a0 - \u00a0\u00a0 -\r\n| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 |\u00a0\u00a0\u00a0 |\r\n| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 |\u00a0\u00a0\u00a0 +----- day of week (0 - 6) (Sunday=0)\r\n| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 +------- month (1 - 12)\r\n| \u00a0\u00a0\u00a0 | \u00a0\u00a0\u00a0 +--------- day of \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0month (1 - 31)\r\n| \u00a0\u00a0\u00a0 +----------- hour (0 - 23)\r\n+------------- min (0 - 59)\r\n\r\nThere\u2019s also a tool for showing what a proper cron configuration should look like for whatever you would like at corntab.com http:\/\/www.corntab.com\/pages\/crontab-gui<\/a>.\u00a0Edit: User Christian has emailed us and told of us another cool alternative\u00a0http:\/\/crontab.guru\/<\/a><\/em>\r\n\r\nNow that we know the basics of cron let\u2019s take a look at the script we have at hand.\r\n\r\n\"bandit22-2\"<\/a>\r\n\r\nLooks like this script is set to run every minute of every hour of every day of the month of every month and every day of the week. If this had been a resource intense one like a backup across a network it could cause some serious problems. I have a feeling, however that it is pretty small and doesn\u2019t take up a lot of resources. So to further investigate let\u2019s see what the script does.\r\n\r\n\"bandit22-3\"<\/a>\r\n\r\nlooks like this script changes the file permissions of a file in the \/tmp\/ directory to enable the read and write permission for the user, and read permission for the group and everyone else. The \/tmp directory is similar to the temp file folder in Windows, it\u2019s used to create random directory and file names for use in programs and scripts. The second line in the script looks like it reads the file bandit22 in the \/etc\/bandit_pass\/ directory and then uses the greater than sign (>). In Linux this is used to write text from one file to another, so the file bandit22 is essentially being copied to the \/tmp\/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv file. If we wanted to write more than one file to a file we would have to add another of the brackets like so >>, this tells the shell that instead of writing over the file to add them to the bottom of the file. This technique is mostly used to write outputs to logs that otherwise would go to the standard output. Anyway let\u2019s find that password.\r\n\r\nThe script wrote it to the file in the \/tmp\/ directory so let\u2019s try to cat it.\r\n\r\n\"bandit22-4\"<\/a>\r\n\r\nAlright looks good!\r\n\r\nConclusion<\/strong>\r\n\r\nWe learned about how cron works, a little bit about scripts, and how to write files using cat.","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[52,44,49],"tags":[43,45,46],"class_list":["post-832","post","type-post","status-publish","format-standard","hentry","category-hacking","category-overthewire","category-tutorials","tag-bandit","tag-overthewire","tag-tutorials"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p5zY4D-dq","_links":{"self":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/832","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/comments?post=832"}],"version-history":[{"count":7,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/832\/revisions"}],"predecessor-version":[{"id":27570,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/posts\/832\/revisions\/27570"}],"wp:attachment":[{"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/media?parent=832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/categories?post=832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmethod.com\/wp-json\/wp\/v2\/tags?post=832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}