For example, for level 21, you want to get to the right place and then take a look at the script that is being run.
bandit21@melinda:/etc/cron.d$> cat /usr/bin/cronjob_bandit22.sh
#!/bin/bash
chmod 644 /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
cat /etc/bandit_pass/bandit22 > /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Now we see that the password is being placed in a file in /tmp. /tmp is meant to be like a scratch pad or an extra hand to briefly hold onto something. We can see, however, that the script also does a chmod, or 'change mode', which sets permissions on the file to be readable by anyone. For a perms primer try:
http://www.tldp.org/LDP/GNU-Linux-Tools-Summary/html/x9543.htm
Now that you know where the file containing the password is just take a look at it:
$> cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv
Level 23: The trick here is that since you know what is being run by virtue of being able to view the script you can duplicate the output of the script. The output of the script is the name of a file in which the next password is created. So, by duplicating the output of the script you have the file name where the data is stored.
$> echo I am user bandit23 | md5sum
8ca319486bfbbc3663ea0fbe81326349 -
$> cat /tmp/8ca319486bfbbc3663ea0fbe81326349
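The weakness from these levels next to a hardened variant, as an added example that is not part of the original post or the game's own scripts. The function names, the scratch directory and the secret are constructed; md5sum and stat -c assume GNU coreutils.

```bash
#!/bin/bash
# Added example: constructed paths and secret, not the game's own scripts.

# Weak pattern from the levels above: guessable file name, mode 644.
write_secret_predictable() {
    local user="$1" secret="$2" dir="$3" name target
    # Anyone who can read the script can recompute this name.
    name=$(echo "I am user $user" | md5sum | cut -d ' ' -f 1)
    target="$dir/$name"
    echo "$secret" > "$target"
    chmod 644 "$target"        # world-readable
    echo "$target"
}

# Hardened pattern: random name inside a private directory, owner-only.
# The body runs in a subshell so the umask change does not leak out.
write_secret_private() (
    secret="$1" base="$2"
    umask 077
    dir=$(mktemp -d "$base/secret.XXXXXXXXXX") || exit 1   # mode 700
    target=$(mktemp "$dir/pass.XXXXXXXXXX") || exit 1      # mode 600
    printf '%s\n' "$secret" > "$target"
    echo "$target"
)

# Octal permission bits of a file (GNU stat).
file_mode() { stat -c '%a' "$1"; }

# Demo in a scratch directory that is removed afterwards.
demo_dir=$(mktemp -d)
weak=$(write_secret_predictable bandit23 'constructed-secret' "$demo_dir")
safe=$(write_secret_private 'constructed-secret' "$demo_dir")
echo "weak: $weak (mode $(file_mode "$weak"))"
echo "safe: $safe (mode $(file_mode "$safe"))"
rm -rf "$demo_dir"
```

The weak file lands at the same name every run, so another local user only needs the script source to find it; the hardened file sits behind a 700 directory with a name that cannot be recomputed.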
Finally we hit the last level which wants us to write a script. I guess I had written a few specifically for the game by this point even though the game says this will be your first one. A bash script starts with a sh-bang! That is: #! and then is generally followed by /bin/bash, so the first line of a bash script should look pretty much like:
#!/bin/bash
More on that here: http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_02_02.html
So you could write a simple script to do the thing that gives you the answer and it certainly is good practice to do so if you haven't written very many, and it's always fun to explore the environment of the game by seeing how it reacts when you give it the script ....
or you can game the game.
And isn't that what hacking is really all about? Why write a script when a thousand other people before you already have? As we know, the code of the script you would write is the same as what everyone else has already written, and the answer is already stored in a predictable location. Use what we did in level 23 to achieve the same result; the file may still be hanging around in /tmp with the answer just waiting for you to find it. The same vulnerability of /tmp that we learned about in level 23 still exists to be exploited.
Hope you have enjoyed the tour of bandit. And don't keep . in your path!