A program is running periodically from cron. Check /etc/cron.d/ for the configuration. This time, the cron job executes all scripts found in a specific directory: /var/spool/bandit24/foo/. You need to write a script that will grab the password for you.
This level is a major step up because instead of just reading a script, I had to write one. The cron job for this level is configured to execute any script it finds in a specific folder and then delete it.
First, I checked the cron script to see how it works:
```bash
$ cat /usr/bin/cronjob_bandit24.sh
```
The script essentially says: “Look in /var/spool/bandit24/foo/, execute every script there as user bandit24, and then delete the scripts.”
I needed to create a script that, when run by bandit24, would copy the password file I couldn’t normally see into a place where I could.
2. **Write the exploit script**:
I created a file named `solve.sh` inside my temp folder:
```bash
#!/bin/bash
# Executed by the cron job as bandit24, so it can read bandit24's password file
cat /etc/bandit_pass/bandit24 > /tmp/my_secret_spot/password.txt
```
4. **Deploy**:
I copied my script into the "spool" directory where the cron job looks for work:
```bash
$ cp solve.sh /var/spool/bandit24/foo/
```
Now, I just had to wait a minute for the cron job to run. Once a minute passed, I checked my temp folder, and password.txt was there waiting for me!
[SPOILER]
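The level works because a job running as one user executes whatever another user can drop into its directory. The sketch below is an added example, not the level's cron script or code from this write-up: it shows the ownership and permission checks a runner can apply before executing anything from a drop directory. The function names and the trusted-owner argument are hypothetical, and GNU `find` is assumed.

```bash
#!/bin/bash
# Added example: checks for a cron runner that executes scripts from a
# drop directory. All names here are hypothetical.

# Succeeds when the path has a group- or other-write bit set.
is_loosely_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm /022 2>/dev/null)" ]
}

# Succeeds when the path is owned by the given user name or numeric uid.
owned_by() {
    [ -n "$(find "$1" -maxdepth 0 -user "$2" 2>/dev/null)" ]
}

# A script is safe to run only if it is a regular file (not a symlink),
# it and its directory belong to the trusted user, and neither can be
# modified by group or others.
safe_to_run() {
    local script=$1 trusted=$2 dir
    dir=$(dirname -- "$script")
    [ -f "$script" ] && [ ! -L "$script" ] || return 1
    owned_by "$dir" "$trusted" || return 1
    owned_by "$script" "$trusted" || return 1
    is_loosely_writable "$dir" && return 1
    is_loosely_writable "$script" && return 1
    return 0
}

# Run every entry in the directory that passes the checks; report the rest.
run_spool() {
    local dir=$1 trusted=$2 script
    for script in "$dir"/*; do
        [ -e "$script" ] || continue
        if safe_to_run "$script" "$trusted"; then
            echo "run: $script"
            bash "$script" || echo "failed: $script"
        else
            echo "skip (untrusted owner or writable by others): $script"
        fi
    done
}
```

With these checks, a script copied in by a different user is skipped because its owner does not match, and a directory that other users can write to is rejected outright.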