overthewirebandit教程(21-33)

Bandit Level 21 → Level 22

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Commands you may need to solve this level

cron, crontab, crontab(5) (use “man 5 crontab” to access this)

 cron是一个linux下 的定时执行工具,可以在无需人工干预的情况下运行作业。先按照提示看看当前目录下有什么,可以看到这是一个执行了一个脚本,然后打开这个脚本看看这是一个定时将22关密码写到/tmp目录下的一个脚本,我们读取这个临时文件就知道了下一关的密码。

cd /etc/cron.d
ls
cat cronjob_bandit22
cat /usr/bin/cronjob_bandit22.sh
cat /tmp/t7O6lds9S0RqQh9aMcz6ShpAoZKF7fgv

overthewirebandit教程(21-33)_第1张图片 WdDozAdTM2z9DiFEQ2mGlwngMfj4EZff

 

Bandit Level 22 → Level 23

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.

Commands you may need to solve this level

cron, crontab, crontab(5) (use “man 5 crontab” to access this)

 还是老位置

cd /etc/cron.d
ls
cat cronjob_bandit23
cat /usr/bin/cronjob_bandit23.sh

overthewirebandit教程(21-33)_第2张图片

实现的功能是取当前用户名,然后计算 I am user $当前用户名 的md5值,将bandit22密码的复制到tmp目录下的对应的md5值的文件中 

 /bin/bash /usr/bin/cronjob_bandit23.sh
cat /tmp/8169b67bd894ddbb4412f91573b38db3
 echo I am user bandit23|md5sum
cat /tmp/8ca319486bfbbc3663ea0fbe81326349

overthewirebandit教程(21-33)_第3张图片

 QYw0Y2aiA672PsMmh9puTQuhoz8SyR2G

Bandit Level 23 → Level 24

Level Goal

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

NOTE: This level requires you to create your own first shell-script. This is a very big step and you should be proud of yourself when you beat this level!

NOTE 2: Keep in mind that your shell script is removed once executed, so you may want to keep a copy around…

Commands you may need to solve this level

cron, crontab, crontab(5) (use “man 5 crontab” to access this)

 前面的操作已经大差不

cd /etc/cron.d
ls
cat cronjob_bandit24
cat /usr/bin/cronjob_bandit24.sh

overthewirebandit教程(21-33)_第4张图片

/var/spool/cron/ 这个目录下存放的是每个用户包括root的crontab任务,每个任务以创建者的名字命名,比如tom建的crontab任务对应的文件就是/var/spool/cron/tom。一般一个用户最多只有一个crontab文件。我们在/var/spool/bandit24目录下就可以运行bandit24的定时任务,创建一个放在改目录下的脚本就可以执行了
vim getpass.sh
cat /etc/bandit_pass/bandit24 > /tmp/bandit24pass
overthewirebandit教程(21-33)_第5张图片

VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar
 

Bandit Level 24 → Level 25

Level Goal

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pincode. There is no way to retrieve the pincode except by going through all of the 10000 combinations, called brute-forcing.
You do not need to create new connections each time

for i in {0000..9999};do echo $i;echo VAfGXJ1PBSsPSnvsjI8p759leLZ9GGar $i;done|nc localhost 30002
 

你可能感兴趣的:(over,the,wire,网络安全基础,linux,运维,服务器)