PwnKata
Start drilling free
Home Linux Privilege Escalation Cron PATH Hijack
medium Live now Linux · Privilege Escalation

Cron PATH Hijack

When a root scheduled task trusts PATH, the writable directory before system paths becomes the attack surface.

Read the scheduled job, inspect the script it launches, find the relative command name, and plant an executable with that name in the writable PATH entry.

Variants add decoy writable directories and different maintenance scripts so you have to confirm the active job path before exploiting it.

What you'll practice

cronPATH hijacklinux privilege escalation
drill workspace · session live
medium

Cron PATH Hijack

When a root scheduled task trusts PATH, the writable directory before system paths becomes the attack surface.

Objective

Recover the flag at /root/flag.txt and submit it.

Drill this now

Spin up a live isolated target and start practicing in seconds — free.

Start drilling

Related linux privilege escalation techniques

Linux · Privilege Escalation Live

File Capability Privilege Escalation

Linux file capabilities can grant one binary more power than intended. Drill finding and abusing that mistake.

easy
Linux · Privilege Escalation Live

sudo -l Privilege Escalation

A misconfigured sudo rule is one of the most common real-world Linux privesc paths. Drill it until `sudo -l` is the first thing your fingers type.

easy
Linux · Privilege Escalation Live

SUID Binary Privilege Escalation

A stray SUID bit on the wrong binary is an instant root. Drill enumerating and abusing SUID binaries until it's automatic.

easy