Bandit22

bandit level22

ssh server: bandit.labs.overthewire.org port 2220

username: bandit22

password: WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff

Its just like the last challenge we need to find the configuration of the cron job to trace it

Our target cron job is coronjob_bandit23, reading it revels the place of the script that runes

So we go to read the scrip from /usr/bin/cronjob_bandit23.sh

The script at the beginning creates a variable named "myname" and give it the value of the output of the whoami command, then creates another variable name it "mytarget" this variable value is coming from 1st echo "I am user (the value of myname variable)" then calculate the MD5 hash of this text finally cuts only the hash value from the output and submit the password of bandit23 into a file named with the MD5 value at the /tmp. This only happens if the user who running the script is bandit23 not any other user else the hash value would be different than expected and also it will only read the password of the user running the scrip not bandit23

But it is a cron job so its running based on time schedule using bandit23 username all what we need is to know the filename, this easily could be found by emulating the scrip function

This is the file name we only need to read this file

 this is the password for the next level bandit23

tell we meet there

Your comments and feedback are highly appreciated

Thank You