Bandit 22 Objective A program is running automatically at regular intervals from cron , the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed. Solution lets see what's in cron.d bandit21@bandit:~$ cd /etc/cron.d bandit21@bandit:/etc/cron.d$ ls cronjob_bandit22 cronjob_bandit23 cronjob_bandit24 cool there is a file called cronjob_bandit22 lets see whats inside bandit21@bandit:/etc/cron.d$ cat cronjob_bandit22 @reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null * * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null ok lets see whats in that file #!/bin/bash chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv let's decode that a bit ok there is a chmod which change the permissions for a file in the tmp directory named t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv which give the owner of the file read/write but
@circusmonkey404 on the twitters; DM for contact