Hacking Notes
  • Hacking Notes
  • Penetration Testing Methodology
    • Host Discovery
    • Information Gathering
    • Exploit Research
    • Exploit Development
    • Exploit Testing
    • Exploiting
    • Information Gathering
    • Privilege Escalation
  • Shells
    • Reverse Shell Cheat Sheet
    • Bind Shell Cheat Sheet
    • Webshells
    • C Shell
  • Stuck?
  • LICENSE
  • Windows
    • Windows Information Gathering
    • Windows PrivEsc
      • Method
      • PE Scripts
      • Potatos
      • Windows Privs
    • Transferring Files
    • Active Directory
      • ad-attacks
      • auth-enumeration
      • unauth-enumeration
      • authentication-delegation
      • reference
      • Kerberos
        • Authentication Delegation
      • mind-map
    • LNK Files
    • SCF Files
    • Compile Code
    • Tips & Tricks
  • Linux
    • Linux OS Information Gathering
    • Linux PrivEsc
      • methodology
      • Privilege Escalation Scripts
        • LinEnum
    • Hosting Files
    • Linux File System
    • Scheduling Jobs
    • POSIX
      • Scripting
      • Notes
  • Web Application Testing
    • Methodology
    • Enumeration
    • Attacks
      • SQLi
      • File Inclusion
      • Directory Traversal
      • Cross-Site Scripting
      • Login Forms
      • Content Injection
      • XSS
    • Assessment Tools
      • ZAP
      • ffuf
      • Nikto
      • wpscan
      • zap
    • Wordpress
      • wpscan
    • Apache
    • Nostromo
  • Services
    • Services
      • Active Directory Administration
      • Cups
      • DFSR
      • DHCP Client
      • DHCP Server
      • DNS
      • FTP
      • HTTP
      • HTTP(S)
      • IIS
      • Imap Encrypted
      • IMAP
      • IPsec
        • Kerberos
        • LDAP
        • ldaps
        • MSRPC
        • MSSQL
        • MySQL
        • Netbios Datagram Service
        • Netbios Name Service
        • Netbios Session Service
        • NFS
        • NNTP
        • NTP
        • Oracle
        • POP3
        • POP3 Encrypted
        • RDP
      • Redis
        • RFSP
        • RPCbind / Portmapper
        • RSIP
        • RTSP
      • RSYNC
        • SMB
        • SMTP
        • SNMP
        • SSH
        • Telnet
        • TFTP
        • VNC
      • VNC Remote Desktop
      • VNC Web Interface
        • WinRM
      • Wins
  • Containers
    • Docker
  • Buffer Overflow
    • Buffer Overflow
    • win32
  • Tools
    • Windows
      • chisel
      • mimikatz
      • mssqlclient.py
      • plink
      • psexec.py
      • smbeagle
      • winexe
    • Linux
      • chisel
      • evil-winrm
      • exiftool
      • Impacket
        • GetADUsers
        • GetNPUsers
        • getST
        • getTGT
        • GetUserSPNS
        • secretsdump
        • smbclient
        • wmiexec
      • jd-gui
      • ldapsearch
      • strings
      • smbeagle
      • Helpful Sites
  • Misc
    • Tunneling
    • Cryptography
    • Regex
    • Tools to Checkout
  • Password Cracking
    • Hashcat
    • John The Ripper
  • Tunneling
    • Tunnels
  • Web3
    • Introduction
    • Audit Process
    • Report Writing
    • List of Tools
    • Web3 References
Powered by GitBook
On this page
  • Introduction
  • Cron
  • Systemd Timers
  • View Timers

Was this helpful?

  1. Linux

Scheduling Jobs

PreviousLinux File SystemNextPOSIX

Last updated 3 years ago

Was this helpful?

Introduction

When penetration testing Linux systems you may come across a system that is running a job at a regular interval. Sometimes those can be hijacked or otherwise abused. Here I discuss the two main methods, cron jobs and systemd timers.

Cron

Systemd Timers

You need three elements

  • Script or program to run

  • Systemd service

    • Goes into /etc/systemd/system or /lib/systemd/system/ and ents in .service

  • Timer to start the service

    • Goes into /etc/systemd/system/ and ends in .timer

    • Timers run the .service that shares the same name as it by default

      • This behavior can be changed by adding Unit=<service name> in the [Timer] section

Example Script

#!/bin/bash
echo "The date is $(date)" >> /tmp/log.log

Example Service

[Unit]
Description=My custom script

[Service]
Type=simple
ExecStart=/opt/myscript.sh
User=arronp

Example Timers

[Unit]
Description=My Custom script

[Timer]
Unit=myscript.service
OnBootSec=5min
OnUnitActiveSec=15min

[Install]
Wantedby=graphical.timer
[Unit]
Description=My Custom script

[Timer]
Unit=myscript.service
OnCalendar=Thu *-*-* 17:00:00

[Install]
Wantedby=timers.target

To start the timer once all elements are in place:

sudo systemctl deamon-reload
sudo systemctl enable myscript.timer
sudo systemctl start myscript.timer

View Timers

You can view all of the timers with:

systemclt list-timers

Continuously look at timers every second with:

watch -n 1 'systemctl list-timers'
https://www.youtube.com/watch?v=Oup21KLlpD8