Scheduling Jobs by crontab
来源:互联网 发布:淘宝失踪儿童在哪里 编辑:程序博客网 时间:2024/06/14 11:02
How Cron Works in Linux
Typically used to schedule such mundane, but necessary, tasks such as doing scheduled regular backups at a regular time each week, we can use it to schedule our scans or other nefarious "jobs".
The cron daemon starts when the system boots and continues to run as long as the system is up and running. It reads a configuration file or files that consist of the jobs to be run and the schedule they are to be run on. Almost anything we can do from the command line can be scheduled to be done on a regular schedule using cron.
Let's take a look how it works and how we can use it as a hacker.
Step 1: Locating Crontab
Cron is one of those functions that is almost identical across Linux distributions, so what you learn here can be used in Ubuntu, Red Hat, Suse, Mint, Slackware, CentOS, etc. It has been part of the Linux/UNIX family since the 1970s, so it is tried and true and has proven its value.
Like so many things in Linux, the cron functionality is controlled by a configuration file that is a plain text file. In a multi-user environment, each user can have their own cron configuration file, but here we will concentrate on the root user in Kali.
For cron, the configuration file is the crontab, or "cron table", file. To find the crontab file, type:
locate crontab
As you can see, it is located in the /etc directory like nearly every other configuration file in Linux (there are exceptions, of course).
Step 2: Opening Crontab
Let's open it and look around. We can open it with any text editor, but here let's use the graphical text editor built into Kali, Leafpad. Type:
leafpad /etc/crontab
The Debian version that Kali is built on has a newer version of crontab that is slightly easier to work with than earlier versions. Unlike earlier versions, they have labeled the fields and added a new field to denote the user that will run the job.
Step 3: The Anatomy of a Crontab
Let's break down the parts. As you can see in the screenshot above, the crontab starts with 5 lines that are commented (#) out. These lines are simply an explanation and notes, they are not seen or executed by the system.
After the commented lines, you see a couple of lines together.
The first of these sets the shell to run the jobs from. In our case, we have designating the BASH shell with the following command. If want to use a different shell, we could designate it here.
SHELL=/bin/sh
The second line sets the PATH variable. The PATH variable is an environment variable (there is one in Windows, too), that tells the system where to look for commands that are being used in the cron job. Typically, these are bin and sbindirectories (binary) that contain the system commands that we use in Linux (ls,echo, ps, cd, etc.).
Here the default settings are:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
This simply means that the cron daemon will look in those directories for the commands that you use in your scheduled jobs. If you are using a command or file not in those directories, simply edit that line and add that directory to the end of the line after putting in a colon (:), such as:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/newdir
Step 4: Scheduling Jobs
Now comes the meat of the crontab file. In this third section, we schedule the jobs that we want to run.
As you can see, each line represents a scheduled job that will run automatically at whatever day, date, or time you have it scheduled for.
The fields of the crontab file are as follows:
- Minute -- the exact minute when the command or will be run (0-59)
- Hour -- the exact hour when the command or job will be run (0-23)
- Day of the Month -- the exact day of the month when the command or job will be run (1-31)
- Month -- the exact month when the command or job will be run (1-12)
- Day of the week -- the exact day when you want the command to run (0-6, Sunday=0)
- User -- the user permissions that the job will run as
- Command -- the command or job you want to run
The asterisk (*), or star, represents any, so it may be any day, any hour, or any minute.
Using Cron to Find Vulnerable Servers
Now, let's imagine that we want to scan the globe for IP addresses that are vulnerable to the Heartbleed vulnerability.
Reportedly, there are over 300,000 servers that are still unpatched. Although that's a very large number, with over 2 billion IP addresses on the planet; that represents 1 out of every 10,000 IP addresses that are vulnerable. This means we will need to set up a scanner to repeatedly search thousands of IP's to find just one vulnerable server.
This is a perfect task for a cron job!
Step 5: Scheduling Our Heartbleed Scanner
We can schedule the scanner to run every night while we are asleep and hopefully, awake each morning with a new potential victim(s)!
Let's open that cron tab file again in any text editor.
Now we are going to add a line to run our nmap scanner each weeknight at 2:05 am. Simply add this line to our crontab file:
05 2 * * 1,2,3,4,5 root nmap -sV --script=ssl-heartbleed 68.76.0.0/16
Now, save and close this file.
This would schedule our nmap Heartbleed scanner to run Monday, Tuesday, Wednesday, Thursday, and Friday at precisely 2:05 am for the Heartbleed vulnerability across 65,536 IP addresses.
from: http://null-byte.wonderhowto.com/how-to/hack-like-pro-linux-basics-for-aspiring-hacker-part-18-scheduling-jobs-0154969/
- Scheduling Jobs by crontab
- Flink入门教程--Jobs and Scheduling(任务和调度)
- Unix Crontab - setting up cron jobs using crontab
- Hoj 2196 Job Scheduling by Open Bidding
- HOJ 2196 Job Scheduling by Open Bidding
- org.quartz.plugins.xml.JobInitializationPlugin] [ERROR] - Error scheduling jobs: no protocol
- jobs
- [01背包]HOJ 2196 Job Scheduling by Open Bidding
- UVALive 3387 || HOJ 2196 Job Scheduling by Open Bidding
- statement by the president on thepassing of steve jobs
- Running SQL Server Agent jobs on demand by unauthorized users
- 查看进程以及kill,jobs,fg,bg,计划任务at以及crontab
- DeSpErate: Speeding-up Design Space Exploration by using Predictive Simulation Scheduling 论文笔记
- The impression of the speech spoken by Steve Jobs in Stanford University
- The maximum report processing jobs limit configured by your system administrator has been reached
- Intellectual work by tech giants: Bill Gates, Steve Jobs, Google/Baidu founders ...
- eclipse error : Jobs should be canceled by the plugin that scheduled them during shutdown
- Job found still running .Jobs should be canceled by the plugin that scheduled them during shutdown:
- 【Android】手写优化-更为平滑的签名效果实现
- 小S带女儿滑雪素颜自拍 玩老鹰抓小鸡
- Linux下的JFreeChart中文乱码解决(图片生成后中文显示为“口”)
- Robotium中文API(05)-solo. clickLongInList
- SpringMVC与Struts2的对比
- Scheduling Jobs by crontab
- 编程实现折半法查找
- 柳岩变复古画报女郎 红唇魅惑爆乳秀美腿
- gradle学习(23)-Sonar runner
- Android中自定义属性(attrs.xml,TypedArray)的使用
- dumpsys 命令解析
- #include、#import与@class的区别
- Robotium中文API(06)-solo.clickLongOnScreen
- php利用curl上传文件到服务器(支持文件夹创建)