Cronjob Exploit For Privilege Escalation
This script was built in shell script for privilege escalation using an writable file that will be executed by a privileged user in a Cron task.
What is Cron Job? |crontab file| => Cron is a process running in the background of the system, listing files with commands to be executed periodically at fixed times, dates or intervals. The default system cron table or crontab configuration file is /etc/crontab. Hackers use a writable file that will be run by an admin user in a cron job to inject commands or malicious code and gain control after the file runtime has arrived.
Any user can read the file keeping system-wide cron jobs under /etc/crontab so check it.
cat /etc/crontab
Installation:
git clone https://github.com/Jsmoreira02/Cronjob-Exploit.git
There are four privilege escalation methods in this script
1 = Inserts within the sudoers configuration file, access of sensitive system commands, which can only be executed by the root user, without the need for a password.
Payload: {current_user} ALL=(ALL) NOPASSWD:ALL
sudo su ---> Instant access to the root user after the cronjob
2 = It injects a reverse shell code inside the file and after being executed, the attacker will gain access to the user who owns the file or even the root user. The language of the reverse shell is of the user's choice.
3 = Change the file owner by injecting the bash terminal command: chown
4 = Adds a new admin user on the system, with predefined password (The script will show it, don't worry :D).
1 - edit /etc/sudoers
2 - reverse_shell injection
3 - change file owner
4 - add superuser
5 - exit
Regardless of which mode you choose during the hack, you should always inform the location of the writable crontab file. After that, just wait for the cron task on the system to run and then exploit
I am not responsible for any illegal use or damage caused by this tool. It was written for fun, not evil and is intended to raise awareness about cybersecurity