OverTheWire Bandit 22
A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.
NOTE: Looking at shell scripts written by other people is a very useful skill. The script for this level is intentionally made easy to read. If you are having problems understanding what it does, try executing it to see the debug information it prints.
Again, under /etc/cron.d folder is a cronjob_bandit23 script. We use the cat command to look inside.
We see it building the string using the whoami command, performing an md5 checksum on it, and setting $mytarget to the result. Finally it writes the contents of bandit_pass/bandit23 password file to the file under /tmp.
We emulate the script, substituting the correct username bandit23 into the md5 line. Once we have the result, we know the name of the file under /tmp.