Cron
PSPY has captured the execution of a cron job running as root.
It executes a bash script: /var/backups/etc_Backup.sh
/var/backups/etc_Backup.sh
snort@ochima:~$ cat /var/backups/etc_Backup.sh
#! /bin/bash
tar -cf /home/snort/etc_backup.tar /etc
snort@ochima:~$ ll /var/backups/etc_Backup.sh
-rwxrwxrwx 1 root root 54 Dec 11 2023 /var/backups/etc_Backup.sh*
The bash script archives the /etc directory into the /home/snort/etc_backup.tar file.
More importantly, the listing shows mode -rwxrwxrwx: the script is owned by root and executed by root's cron job, yet it is WRITABLE by anyone.
Moving on to the Privilege Escalation phase
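A defender-side check for the misconfiguration found above, as an added example that is not part of the original write-up: it reports files named in crontab files that are world-writable, not owned by root, or located in a world-writable directory without the sticky bit. The function names, finding labels and the temp-directory fixture are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: flag files launched from cron that non-root users can modify.

# Print one finding per line for each absolute path named in the cron files.
audit_cron_targets() {
    local cronfile path dir
    for cronfile in "$@"; do
        [ -r "$cronfile" ] || continue
        # Skip comments and blank lines, then extract absolute-path tokens.
        grep -vE '^[[:space:]]*(#|$)' "$cronfile" |
        grep -oE '/[^[:space:];|&<>()"]+' | sort -u |
        while IFS= read -r path; do
            [ -f "$path" ] || continue   # only existing regular files
            dir=$(dirname "$path")
            if [ -n "$(find "$path" -maxdepth 0 -perm -0002)" ]; then
                echo "WORLD-WRITABLE $path"
            fi
            if [ -n "$(find "$path" -maxdepth 0 ! -user root)" ]; then
                echo "NOT-ROOT-OWNED $path"
            fi
            # A world-writable parent without the sticky bit allows replacement.
            if [ -n "$(find "$dir" -maxdepth 0 -perm -0002 ! -perm -1000)" ]; then
                echo "WRITABLE-PARENT $path"
            fi
        done
    done
}

# Constructed fixture: a crontab naming one 0777 script and one 0755 script.
make_fixture() {
    local d
    d=$(mktemp -d)
    printf '#!/bin/bash\ntar -cf /home/snort/etc_backup.tar /etc\n' > "$d/etc_Backup.sh"
    printf '#!/bin/bash\ntrue\n' > "$d/rotate.sh"
    chmod 0777 "$d/etc_Backup.sh"
    chmod 0755 "$d/rotate.sh"
    printf '# constructed sample\n* * * * * root %s\n0 3 * * * root %s\n' \
        "$d/etc_Backup.sh" "$d/rotate.sh" > "$d/crontab"
    echo "$d"
}

fixture=$(make_fixture)
audit_cron_targets "$fixture/crontab"
rm -rf "$fixture"
```

On a real host, pass it /etc/crontab and the files under /etc/cron.d instead of the fixture.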