728x90
bandit22@bandit:~$ cd /etc/cron.d
bandit22@bandit:/etc/cron.d$ ls
cronjob_bandit15_root cronjob_bandit22 cronjob_bandit24
cronjob_bandit17_root cronjob_bandit23 cronjob_bandit25_root
bandit22@bandit:/etc/cron.d$ fiel cronjob_bandit23
-bash: fiel: command not found
bandit22@bandit:/etc/cron.d$ file cronjob_bandit23
cronjob_bandit23: ASCII text
bandit22@bandit:/etc/cron.d$ cat cronjob_bandit23
@reboot bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
* * * * * bandit23 /usr/bin/cronjob_bandit23.sh &> /dev/null
bandit22@bandit:/etc/cron.d$ cat /usr/bin/cronjob_bandit23.sh
#!/bin/bash
myname=$(whoami)
mytarget=$(echo I am user $myname | md5sum | cut -d ' ' -f 1)
echo "Copying passwordfile /etc/bandit_pass/$myname to /tmp/$mytarget"
cat /etc/bandit_pass/$myname > /tmp/$mytarget
bandit22@bandit:/etc/cron.d$ echo I am user bandit23 | md5sum | cut -d ' ' -f 1
8ca319486bfbbc3663ea0fbe81326349
bandit22@bandit:/etc/cron.d$ cat /tmp/8ca319486bfbbc3663ea0fbe81326349
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
bandit22@bandit:/etc/cron.d$
형식이 다 나와있으므로 echo로 id를 확인해주면 주소가 나온다.
jc1udXuA1tiHqjIsL8yaapX5XIAI6i0n
728x90
'etc > bandit' 카테고리의 다른 글
| [Bandit] Level 24 ~> Level 25 (0) | 2020.09.22 |
|---|---|
| [Bandit] Level 23 ~> Level 24 (0) | 2020.09.22 |
| [Bandit] Level 21 ~> Level 22 (0) | 2020.09.22 |
| [Bandit] Level 20 ~> Level 21 (0) | 2020.09.22 |
| [Bandit] Level 19 ~> Level 20 (0) | 2020.09.22 |