Library Hijacking

This script is only readable by everyone. Its not running in cron that we can see but we can use pspy to see if it really is.

Understand the script format and what it's doing

We can see that it's running as a cronjob and calling the call.py and urllib.py libraries but them deleting them

We can create a python reverse shell and make it call that as well and call it urllib.py

Last updated 1 year ago