Scenario: Amsterdam: Cron Hijack

Level: Medium

Type: Hack

Tags: cron   hack  

Access: Email

Description: You are logged in as the user admin. A cron job (not a systemd timer) appears to be running as root every minute, related to a health check. We've discovered this set up may be insecure.

Your mission is to find the running cron job, analyze it for a vulnerability, and exploit it to read the secret file at /root/secret.txt

Save the secret string from the secret file to the file /home/admin/solution.txt.

Root (sudo) Access: False

Test: cat /home/admin/solution.txt displays the same string that is in /root/secret.txt, with md5sum /home/admin/solution.txt returning c6ef5d3ea5e937ae56f8635f91cc727a (the solution string without an ending newline is also accepted)

The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute.

Time to Solve: 15 minutes.