Escalation via cron file overwrites
Another technique we can leverage to elevate our privileges is the ability to overwrite the content of scripts that are used by cron jobs. In the previous sections, we explored the process of leveraging misconfigured paths and utilizing wildcards. However, we did not explore the process of overwriting the content of scripts or files to elevate our privileges.
Note
The success and viability of this technique will depend on whether we have the necessary permissions to write or make changes to the script or file being run by the cron job.
This technique can be performed by following these steps:
- The first step in this process involves identifying a cron job that executes a script or binary with read and write permissions as the root user. In this case, we can identify a cron job that runs the
overwrite.shscript when invoked, as highlighted in the following screenshot:
Figure 12.18 – Overwrite cron job
We looked at how to exploit...
