1. Bandit23 목표
A program is running automatically at regular intervals from cron, the time-based job scheduler.
Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE:
This level requires you to create your own first shell-script.
This is a very big step and you should be proud of yourself when you beat this level!
NOTE 2:
Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…
Commands you may need to solve this level
chmod, cron, crontab, crontab(5) (use “man 5 crontab” to access this)
2. Bandit23 구현
# 비밀번호 root 입력 접속
ssh -oStrictHostKeyChecking=no root@localhost -p 2220
chown -R root:root /home/bandit23/.[!.]*
echo '@reboot bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null' > /etc/cron.d/cronjob_bandit24
echo '* * * * * bandit24 /usr/bin/cronjob_bandit24.sh &> /dev/null' >> /etc/cron.d/cronjob_bandit24
cat > /usr/bin/cronjob_bandit24.sh <<"CRONJOB"
#!/bin/bash
myname=$(whoami)
cd /var/spool/$myname/foo
echo "Executing and deleting all scripts in /var/spool/$myname/foo:"
for i in * .*;
do
if [ "$i" != "." -a "$i" != ".." ];
then
echo "Handling $i"
owner="$(stat --format "%U" ./$i)"
if [ "${owner}" = "bandit23" ]; then
timeout -s 9 60 ./$i
fi
rm -f ./$i
fi
done
CRONJOB
useradd bandit24 && echo -e "gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8\ngb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8" | passwd bandit24
mkdir -p /var/spool/bandit24/foo
chmod 773 /var/spool/bandit24/foo
chown root:bandit24 /var/spool/bandit24/foo
chmod 750 /usr/bin/cronjob_bandit24.sh
chown bandit24:bandit23 /usr/bin/cronjob_bandit24.sh
chmod 755 /home/bandit24
chown root:root /home/bandit24
echo gb8KRRCsshuZXI0tUuR6ypOFjiZbf3G8 > /etc/bandit_pass/bandit24
chmod 400 /etc/bandit_pass/bandit24
chown bandit24:bandit24 /etc/bandit_pass/bandit24
3. Bandit23 문제풀의
# bandit23 로 설정한 패스워드를 입력하여 접속한다.
# jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
ssh -oStrictHostKeyChecking=no bandit23@localhost -p 2220
# 임시 파일을 생성 및 파일 경로 저장
TMP_FILE=$(mktemp)
# 임시 파일 삭제
rm $TMP_FILE
# /etc/bandit_pass/bandit24의 패스워드를 임시 파일에 저장해주는 쉘 파일을 /var/spool/bandit24/foo 위치에 생성
cat <<BANDIT_PASS > /var/spool/bandit24/foo/$(basename $TMP_FILE) && chmod 777 /var/spool/bandit24/foo/$(basename $TMP_FILE)
#!/bin/sh
cat /etc/bandit_pass/bandit24 > $TMP_FILE
BANDIT_PASS
# 비밀번호를 저장한 임시 파일이 생성될 때 까지 대기
# 패스워드 확인
while ! [ -s "$TMP_FILE" ]; do sleep 1; done && cat "$TMP_FILE"'Wargame > Bandit' 카테고리의 다른 글
| [ Docker ] Bandit Wargame 만들기 - 25번 문제 ( 26 / 33 ) (0) | 2024.06.20 |
|---|---|
| [ Docker ] Bandit Wargame 만들기 - 24번 문제 ( 25 / 33 ) (0) | 2024.06.19 |
| [ Docker ] Bandit Wargame 만들기 - 22번 문제 ( 23 / 33 ) (0) | 2024.06.19 |
| [ Docker ] Bandit Wargame 만들기 - 21번 문제 ( 22 / 33 ) (0) | 2024.06.19 |
| [ Docker ] Bandit Wargame 만들기 - 20번 문제 ( 21 / 33 ) (0) | 2024.06.19 |