Cronpocalypse
Start the machine, hack the system, and find the hidden flags to complete this challenge and earn XP!
Norac
root
x0xr00t
root
x0xr00t
user
miltonjmelo
user
henriquesena
root
henriquesena
user
vitorcampos
root
vitorcampos
user
emmanuel21
user
ORIGINALHOKAGIE
user
luizbraga98
root
luizbraga98
user
Norac
user
eltonsantos22
root
eltonsantos22
user
Linux privilege escalation through cron job exploitation is one of the most commonly encountered attack paths in real-world penetration testing. Cron is the Linux task scheduler that executes scripts and commands at specified intervals, and when these scheduled tasks are misconfigured - running with elevated privileges while being writable by unprivileged users - they become a reliable pathway from initial access to full root control of a system.
Understanding Cron Jobs and Their Security Risks
The cron daemon reads scheduling configuration from several locations: system-wide crontabs in /etc/crontab and /etc/cron.d/, per-user crontabs managed with the crontab command, and periodic directories like /etc/cron.daily/ and /etc/cron.hourly/. Each entry specifies when a command should run and with what user privileges. The security risk arises when a cron job runs as root but references a script that a lower-privileged user can modify. By injecting malicious commands into that script, the attacker's code executes with root privileges on the next scheduled run.
Common misconfiguration patterns include world-writable scripts called by root cron jobs, wildcard usage in cron commands that enables argument injection, relative paths that allow path hijacking, and scripts that source or include files from writable locations. Each of these patterns has been exploited in real-world breaches and appears frequently in penetration testing engagements across enterprise Linux environments.
Linux Privilege Escalation Methodology
Discovering cron-based privilege escalation opportunities follows a systematic methodology. After gaining initial access, attackers enumerate all scheduled tasks by reading crontab files, listing periodic cron directories, and monitoring process execution with tools like pspy. Each discovered cron job is analyzed for the running user, the script or command being executed, file permissions on referenced scripts, and any writable paths in the execution chain. When a writable script running as root is found, the attacker modifies it to execute a reverse shell, copy a flag file, or add their SSH key to root's authorized_keys.
Hardening Cron Job Security
System administrators can prevent cron-based privilege escalation by ensuring strict file permissions on all scripts referenced by root cron jobs, using absolute paths in cron entries, avoiding wildcards in cron commands, regularly auditing scheduled tasks for permission issues, and implementing file integrity monitoring on critical system scripts.
What You Will Learn
- Understand how Linux cron jobs work and where scheduling configurations are stored
- Learn to enumerate and analyze scheduled tasks for privilege escalation opportunities
- Master techniques for exploiting writable cron scripts to gain root access
- Practice the full privilege escalation workflow from initial access to root
- Develop systematic Linux post-exploitation enumeration skills
Prerequisites
Ready to hack this lab?
Create a free account and start practicing cybersecurity hands-on.
Start Your Challenge
Launch your dedicated machine to begin hacking
New here? Here's what to do
Ready to hack this lab?
Create a free account to start your own dedicated server, submit flags, and earn XP on the leaderboard.
Start Hacking Free
