Bandit Level 23 → Level 24

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.

Commands you may need to solve this level

cron, crontab, crontab(5) (use “man 5 crontab” to access this)

bandit23@bandit:/etc/cron.d$ ls
cronjob_bandit22  cronjob_bandit23  cronjob_bandit24
bandit23@bandit:/etc/cron.d$ cat cronjob_bandit24
@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
bandit23@bandit:/etc/cron.d$ cat /usr/bin/cronjob_bandit24.sh
#!/bin/bash

myname=$(whoami)

cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
    if [ "$i" != "." -a "$i" != ".." ];
    then
    echo "Handling $i"
    timeout -s 9 60 ./$i
    rm -f ./$i
    fi
done
bandit23@bandit:/etc/cron.d$ cd /tmp/bandit23
bandit23@bandit:/tmp/bandit23$ vi bandit23.sh
bandit23@bandit:/tmp/bandit23$ ls
bandit22  bandit23.sh  file.txt  psswd  pythonconnect  spoilers  test  test2.sh  uuhh
bandit23@bandit:/tmp/bandit23$ chmod 777 bandit23.sh
bandit23@bandit:/tmp/bandit23$ cp bandit23.sh /var/spool/bandit24
bandit23@bandit:/tmp/bandit23$ ls /var/spool/bandit24/
bandit23.sh  bandit27  bandit28  delirium_28  repo28  repo29
bandit23@bandit:/tmp/bandit23$ ls -la
total 2016
drwxrwxrwx     5 bandit23 root        4096 Jul 10 02:27 .
drwxrws-wt 58575 root     root     2019328 Jul 10 02:27 ..
-r--------     1 bandit22 bandit22      33 Jul 10 01:52 bandit22
-rwxrwxrwx     1 bandit23 bandit23      74 Jul 10 02:26 bandit23.sh
-rw-r--r--     1 bandit24 bandit24      33 Jul 10 02:27 bandit24_password
-rw-r--r--     1 bandit24 bandit24      33 Jul  7 22:03 file.txt
-rw-r--r--     1 bandit23 bandit23      23 Jul  7 12:24 psswd
drwxr-xr-x     2 bandit23 bandit23    4096 Jun 20 12:07 pythonconnect
drwxr-xr-x     3 bandit23 bandit23    4096 Jun 12 11:14 spoilers
-rw-r--r--     1 bandit23 bandit23       0 Jul  5 01:48 test
-rwxrwxrwx     1 bandit23 bandit23      65 Jul  3 23:16 test2.sh
drwxr-xr-x     2 bandit23 bandit23    4096 Jul  2 18:43 uuhh
bandit23@bandit:/tmp/bandit23$ cat bandit24_password
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ