본문 바로가기
Wargame/Bandit

[ Docker ] Bandit Wargame 만들기 - 22번 문제 ( 23 / 33 )

loopinger 2024. 6. 19. 17:47

1. Bandit22 목표

A program is running automatically at regular intervals from cron, the time-based job scheduler.
Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read.
If you are having problems understanding what it does, try executing it to see the debug information it prints.

Commands you may need to solve this level
cron, crontab, crontab(5) (use “man 5 crontab” to access this)

 

2. Bandit22 구현

# 비밀번호 root 입력 접속
ssh -oStrictHostKeyChecking=no root@localhost -p 2220

chown -R root:root /home/bandit22/.[!.]*

echo '@reboot bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null' >> /etc/cron.d/cronjob_bandit23
echo '* * * * * bandit23 /usr/bin/cronjob_bandit23.sh  &> /dev/null' >> /etc/cron.d/cronjob_bandit23

cat > /usr/bin/cronjob_bandit23.sh <<"CRONJOB"
#!/bin/bash

myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)

echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"

cat /etc/bandit_pass/$myname > /tmp/$mytarget
CRONJOB

useradd bandit23 && echo -e "jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n\njc1udXuA1tiHqjIsL8yaapX5XIAI6i0n" | passwd bandit23

chmod 750 /usr/bin/cronjob_bandit23.sh

chown bandit23:bandit22 /usr/bin/cronjob_bandit23.sh

chmod 755 /home/bandit23

chown root:root /home/bandit23

echo jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n > /etc/bandit_pass/bandit23

chmod 400 /etc/bandit_pass/bandit23

chown bandit23:bandit23 /etc/bandit_pass/bandit23

 

3. Bandit22 문제풀의

# bandit22 로 설정한 패스워드를 입력하여 접속한다.
# Yk7owGAcWjwMVRwrTesJEwB7WVOiILLI
ssh -oStrictHostKeyChecking=no bandit22@localhost -p 2220

# 스케쥴러 목록 확인
ls -la /etc/cron.d

# bandit23 스케쥴러 내용 확인
cat /etc/cron.d/cronjob_bandit23

# bandit23 쉘 파일 확인
cat /usr/bin/cronjob_bandit23.sh

# cut 
# -d, --delimiter : 구분 짓는 기본값
# -f, --fields    : 지정한 필드만 출력
# 쉘 파일 타겟 확인
echo I am user bandit23 | md5sum | cut -d ' ' -f 1

# 패스워드 확인
cat /tmp/8ca319486bfbbc3663ea0fbe81326349
저작자표시

'Wargame > Bandit' 카테고리의 다른 글

[ Docker ] Bandit Wargame 만들기 - 24번 문제 ( 25 / 33 )  (0) 2024.06.19
[ Docker ] Bandit Wargame 만들기 - 23번 문제 ( 24 / 33 )  (0) 2024.06.19
[ Docker ] Bandit Wargame 만들기 - 21번 문제 ( 22 / 33 )  (0) 2024.06.19
[ Docker ] Bandit Wargame 만들기 - 20번 문제 ( 21 / 33 )  (0) 2024.06.19
[ Docker ] Bandit Wargame 만들기 - 19번 문제 ( 20 / 33 )  (0) 2024.06.19

'Wargame/Bandit' Related Articles

티스토리툴바