One post tagged with "Scheduled Job Abuse"

Scheduled job abuse involves exploiting the scheduling feature of a system or application to execute malicious code at predetermined times. This can be done by manipulating cron jobs, Windows Task Scheduler, or other scheduled task mechanisms to run unauthorized scripts, binaries, or commands. By leveraging these scheduling features, attackers can achieve persistent access, execute payloads, and maintain control over the compromised system even after initial exploitation has been mitigated.

HTB | Markup | Write-Up

· 15 min read

Summary:

We test connectivity to the target and scan it, then enumerate its website and log in with some default credentials. Once we have user access, we continue enumerating the site. Analyzing the page source code reveals the XML version in use and a potential username.

We exploit the XXE vulnerability we found to leak the user's private SSH key, allowing us to access the target machine via SSH and gain user-level access. Next, we grab the user flag. With our foothold established, we enumerate the machine with user-level access until we find a job.bat file that runs with administrator privileges. We exploit this by modifying the scheduled job to run our reverse shell, wait for it to execute, and catch the connection to gain administrative access to the target machine. Finally, we grab the root flag.

Machine Name: Markup | Difficulty: Easy | OS: Windows