This is a lightweight and educational Docker lab designed to simulate a privilege escalation scenario through vulnerable crontab configuration. The goal is to escalate from a low-privileged user to root by abusing a misconfigured cronjob.
The user tester has write access to a script executed by root every minute through crontab. By modifying the script, you may achieve command execution as root.
Your mission: get a root shell and capture the flag located at /root/flag.txt.
cronjob.sh— Script scheduled to run every minute as root.entrypoint.sh— Starts necessary services (cron + ssh).Dockerfile— Builds the vulnerable Ubuntu 20.04 environment, sets up the user, cron, and the challenge.
-
Clone this repository
git clone https://github.com/YOUR_USERNAME/cronlab-docker.git cd cronlab-docker -
Build the Docker image
docker build -t cronlab . -
Start the container
docker run -it --rm -p 2222:22 cronlab
-
Connect via SSH
ssh tester@localhost -p 2222
⚠️ Password is NOT provided.You are encouraged to perform a brute-force attack using a wordlist such as
rockyou.txtto discover the password. -
Explore & Exploit
- Modify
/opt/cronjob.shto run arbitrary commands. - Wait for the cronjob to execute and gain elevated privileges.
- Modify
If exploited correctly, you will obtain a root shell and be able to read the flag at:
/root/flag.txt
- This lab is for educational purposes only.
- Do not deploy in production environments.
- Brute-force attacks can be slow — be patient and learn the process.
If you're stuck and can't solve the lab, feel free to contact me! I'll be happy to help. 💬
📧 Email: [email protected]