Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jsmoreira02/cronjob-exploit

Privilege escalation method using writable files in /etc/crontab on linux systems. Made in Shell Script for automation during the hack (and with a special attention to CTFs)
https://github.com/jsmoreira02/cronjob-exploit

crontab-task ctf-tools cybersecurity hacking-tool privilege-escalation-exploits shell-script

Last synced: about 10 hours ago
JSON representation

Privilege escalation method using writable files in /etc/crontab on linux systems. Made in Shell Script for automation during the hack (and with a special attention to CTFs)

Awesome Lists containing this project

README 

        





  ![logo](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/c9c7910f-2ad3-4458-b719-77c68e23b45a)

    

  [![License: GPL-2.0](https://img.shields.io/badge/License-GPL--2.0-blue.svg)](https://opensource.org/licenses/GPL-2.0)

  

  

  

    




# 



***Cronjob Exploit For Privilege Escalation***



This script was built in shell script for privilege escalation using an writable file that will be executed by a privileged user in a Cron task.

#



```What is Cron Job? |crontab file|``` => Cron is a process running in the background of the system, listing files with commands to be executed periodically at fixed times, dates or intervals. The default system cron table or crontab configuration file is ***/etc/crontab***. Hackers use a writable file that will be run by an admin user in a cron job to inject commands or malicious code and gain control after the file runtime has arrived.



Any user can read the file keeping system-wide cron jobs under /etc/crontab so check it. 



```

cat /etc/crontab

```



***Installation***:

```bash

git clone https://github.com/Jsmoreira02/Cronjob-Exploit.git

```



**Or upload directly to the target**

```bash

curl -o /tmp/exploit.sh https://raw.githubusercontent.com/Jsmoreira02/Cronjob-Exploit/main/exploit_crontab.sh

```

#

# Modes of operations



***There are four privilege escalation methods in this script*** 



```                  

                     1 - edit /etc/sudoers

                     2 - reverse_shell injection

                     3 - change file owner

                     4 - add superuser

                     5 - exit

```



### 1 - Edit etc/sudoers file



![Gravando2024-04-02193557-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/14f9d5c1-d6ad-4d97-b764-2ff4152557fd)



Inserts within the sudoers configuration file, access of sensitive system commands, which can only be executed by the root user, without the need for a password.



### 2 - Reverse shell injection 



![VdeosemttuloFeitocomoClipchamp1-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/e080d5f8-a5f3-464c-a283-c454277db5e7)



It injects a reverse shell code inside the file and after being executed, the attacker will gain access to the user who owns the file or even the root user. The language of the reverse shell is of the user's choice.



### 3 - Change file owner 



Change the file owner by injecting the bash terminal command: chown



### 4 - Add superuser



![Gravando2024-04-02193705-ezgif com-video-to-gif-converter](https://github.com/Jsmoreira02/Cronjob-Exploit/assets/103542430/350fd201-2f63-43f2-b124-46990ebc6239)



Adds a new admin user on the system, with predefined password (The script will show it, don't worry :D).



***Regardless of which mode you choose during the hack, you should always inform the location of the writable crontab file. After that, just wait for the cron task on the system to run and then exploit***



# Warning:    

> I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity