[Bandit-OverTheWire] Level 22 -> Level 23
두비니
·2020. 9. 24. 23:26
Bandit Level 22 → Level 23Level GoalA program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints. Commands you may need to solve this levelcron, crontab, crontab(5) (use “man 5 crontab” to access this) |
접속
접속 : ssh bandit22@bandit.labs.overthewire.org -p2220
pw : Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
이전 문제랑 비슷한 맥락이네요.
bandit22@bandit:~$ cat /etc/cron.d/cronjob_bandit23
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
봅시다
bandit22@bandit:~$ cat /usr/bin/cronjob_bandit23.sh
#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget
보아하니 저 mytarget의 값을 찾아내야하네요.
myname은 bandit23이니 실행시켜봅시다.
bandit22@bandit:~$ cat /usr/bin/cronjob_bandit23.sh &> /dev/null
bandit22@bandit:~$ echo I am user bandit23 | md5sum | cut -d ' ' -f 1
8ca319486bfbbc3663ea0fbe81326349
myname이 /tmp/8ca319486bfbbc3663ea0fbe81326349 안에있는 값을 알아내면 되겠죠?
bandit22@bandit:~$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
끝
'War Games > Bandit - OverTheWire' 카테고리의 다른 글
[Bandit-OverTheWire] Level 24 -> Level 25 (0) | 2020.09.25 |
---|---|
[Bandit-OverTheWire] Level 23 -> Level 24 (0) | 2020.09.25 |
[Bandit-OverTheWire] Level 21 -> Level 22 (0) | 2020.09.24 |
[Bandit-OverTheWire] Level 20 -> Level 21 (0) | 2020.09.24 |
[Bandit-OverTheWire] Level 19 -> Level 20 (0) | 2020.09.23 |