Cron Jobs - File Permissions
Enumeration
We are going to exploit a misconfigured script to escalate our privileges to root. Let’s check the contents of the system crontab, /etc/crontab.
We will locate the full path of the overwrite.sh script and examine its permissions.
Well…we have write permission on it, which means we can write our own payload into it and have it executed automatically by the cron job. This will allow us to obtain a root shell, because the script is set to run with root privileges.
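The same enumeration, written as an audit a defender can run against a crontab (an added example, not part of the original write-up): it resolves each root job's command through the crontab's own PATH and reports files that are group- or world-writable or not owned by the trusted uid. The function names, the trusted-uid parameter, the fallback PATH and the output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list root jobs in a crontab whose script a non-root user can modify.
# Usage: audit_crontab [crontab-file] [trusted-uid]   (defaults: /etc/crontab, 0)
# Assumes GNU stat (-c). Prints one line per finding and returns 1 if there are any.

# Resolve a bare command name the way cron would, using the crontab's own PATH.
resolve_in_path() (   # $1 = command name, $2 = colon-separated PATH
    IFS=:; set -f
    for d in $2; do
        [ -f "$d/$1" ] && [ -x "$d/$1" ] && { printf '%s\n' "$d/$1"; exit 0; }
    done
    exit 1
)

audit_crontab() {
    ct=${1:-/etc/crontab}; trusted=${2:-0}
    cron_path=/usr/bin:/bin; found=0        # assumed PATH when the crontab sets none
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            PATH=*)  cron_path=${line#PATH=}; continue ;;
            @*)      skip=1 ;;      # @reboot user command
            [0-9*]*) skip=5 ;;      # m h dom mon dow user command
            *)       continue ;;    # comments, blank lines, other variables
        esac
        set -f; set -- $line; set +f        # split into fields without globbing "*"
        [ $# -ge $((skip + 2)) ] || continue
        shift "$skip"
        [ "$1" = root ] || continue         # only jobs that run as root matter here
        case $2 in
            */*) target=$2 ;;
            *)   target=$(resolve_in_path "$2" "$cron_path") || continue ;;
        esac
        [ -e "$target" ] || continue
        owner=$(stat -c %u "$target"); mode=$(stat -c %a "$target")
        # Finding: owned by someone other than the trusted uid, or group/other writable.
        if [ "$owner" != "$trusted" ] || [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'MODIFIABLE %s (uid=%s mode=%s)\n' "$target" "$owner" "$mode"
            found=1
        fi
    done < "$ct"
    return "$found"
}
```

A finding is closed by making the script owned by root and removing group and other write permission from it.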
Exploitation
Let’s open the script overwrite.sh and add our own reverse shell payload.
Now we will save it and set up our reverse shell listener.
Well…as you can see, we have obtained a shell with root privileges.