The Goal

A program is running automatically at regular intervals via cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and find out what command is being executed.

The Approach

Navigating to /etc/cron.d/ and reading the relevant cron file reveals which script is being run and on what schedule:

bandit21@bandit:/usr/bin$ cd /etc/cron.d
bandit21@bandit:/etc/cron.d$ cat cronjob_bandit22
@reboot bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null
* * * * * bandit22 /usr/bin/cronjob_bandit22.sh &> /dev/null

Reading the script itself shows what it does: it makes the password file world-readable and writes bandit22's password to a file in /tmp:

bandit21@bandit:/etc/cron.d$ cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

Reading that temp file gives the password:

bandit21@bandit:/etc/cron.d$ cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
password

Commands Covered

  • cron, the system's time-based job scheduler
  • /etc/cron.d/, directory containing cron job definitions
  • cat /usr/bin/script.sh, read a shell script to understand what it does