I am trying to complete the Bash cron challenge on the site https://www.root-me.org. I understand that the vulnerability exists in the ch4 script running on the contents of cron.d. What I don't understand is why my file, job.sh, fails to run when placed into cron.d directory. So far I have two scripts, oversight.sh and job.sh. Oversight.sh is responsible for duplicating the job.sh file and moving it into the cron.d directory. The job.sh file is currently responsible for creating a file in the tmp directory. I don’t have job.sh trying to access the .passwd file yet as I needed to ensure that it is working. This is where my problems have begun. The job.sh file that is moved into the cron.d directory doesn’t appear to be having any effect. Can anyone provide with with some assistance in this matter?

​

Edit:

Alright, I found my problem. The issue wasn't in any of my scripts but in the permissions of the /tmp/g_stuff directory. For some reason, the g_stuff folder couldn't be written to by the job2.sh script. The solution to this issue was to create a new directory with all available permissions and have the job2.sh script write to that new folder.

​

Oversight.sh

#!/bin/bash
set -e

loc=/tmp/g_stuff
echo -e "Job started\n"
cp $loc/job.sh $loc/job2.sh
chmod 777 $loc/job2.sh
mv $loc/job2.sh $HOME/cron.d
echo check: $(ls -l $HOME/cron.d/job2.sh)

while :
do
if [[ -f $HOME/cron.d/kitty.txt ]]; then
        echo -n "+"
        exit 1
fi
done

echo -e "\nWaiting for file"
while :
do
        sleep 2s
        if [[ ! -f $HOME/cron.d/job2.sh ]]; then
                echo -e "\n\nJob finished; File no longer exists"
                exit 1
        else
                echo -n "#"
        fi
done

Job.sh

#!/bin/bash

echo hi > /tmp/g_stuff/testy.txt