Linux Privilege Escalation by Exploiting Cronjobs

After solving several OSCP Challenges we decided to write the article on the various method used for Linux privilege escalation, that could be helpful for our readers in their penetration testing project. In this article, we will learn “Privilege Escalation by exploiting Cron Jobs” to gain root access of a remote host machine and also examine how a bad implement cron job can lead to Privilege escalation. If you have solved CTF challenges for Post exploit then by reading this article you will realize the several loopholes that lead to privileges escalation.

For details, you can read our previous article where we had applied this trick for privilege escalation. Open the links given below:

Link1: Hack the Box Challenge: Europa Walkthrough

Link2: Hack the Milnet VM (CTF Challenge)

Table of content

• Introduction
• Cron job
• Crontab syntax
• Crontab File overwrite
• Lab Setup (Ubuntu)
• Exploiting cron job (Kali Linux)
• Crontab Tar wildcard Injection
• Lab Setup (Ubuntu)
• Exploiting cron job (Kali Linux)

Let’s Start!!!

What is cron job?

Cron Jobs are used for scheduling tasks by executing commands at specific dates and times on the server. They’re most commonly used for sysadmin jobs such as backups or cleaning /tmp/ directories and so on. The word Cron comes from crontab and it is present inside /etc directory.

Full Article Read Here