Bandit23

 

bandit level23

ssh server: bandit.labs.overthewire.org port 2220

username: bandit23

password: QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G

Its just like the last challenge we need to find the configuration of the cron job to trace it

This time the scrip 1st read the username in the variable myname of the user running it then enter into /var/spool/$myname/foo

Then scan all the files in the foo directory if the file is owned by bandit23 will run it, but if it wasn't owned by bandit23 will not run it but both ways will delete it.

So all what we need is to put a script in the foo directory, but its better to keep a backup of it, maybe we need to do changes to it. 

Create directory in /tmp into it create the script, which will read the bandit24 password and copy it to out temp directory.

We need to change the directory and the script permeations, to allow bandit24 to read and run the script, and write into the temp directory, also copy the script into the /var/spool/bandit24/fool directory

It's a cron job so all what we need is just wait and the job will run which will call the script into the foo directory and return back with the password

 this is the password for the next level bandit24

tell we meet there

Your comments and feedback are highly appreciated

Thank You