Privilege Escalation: Library Hijacking
Exploit cronjobs running python script
---------------------------------------------------------------------------------------
Python script:
since the script is using the calendar library, we will use the file: /usr/lib/python2.7/calendar.py (easily found in the python documentation)
add a reverse shell payload to the end:
source: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
wait for the script to run:
---------------------------------------------------------------------------------------
Stricter imports:
Through globals() we can find what is imported
'day_name': <calendar._localized_day instance at 0x...>
---------------------------------------------------------------------------------------
Pivoting through different imports: