I once did a HackTheBox where the privilege escalation weakness was a cronjob running a script. I’m not sure if I correctly remember all the details, but I think it read some parameters from a file and fed them to some other script. Since it had something to do with the webserver the user was administrating, they needed write access to the file, granted via ACL. That took me a while to spot, actually. Not sure why, but ACL is a constant blind spot for me. As for passing the parameters, you can just append the contents of the file to the command and pipe it to bash.

I don’t recall what the normal script did, but it needed writing permissions for something. The proper way to do this would be ACL, but I guess I’m not the only one with a blind spot. The easy way to ensure the script can do whatever it needs to is to sudo the whole thing.

So what do you do if you have a script running every ten minutes, reading the first line of a file you can edit, then executing it with superuser privileges?

Whatever the fuck you want.