Update readme.md

2019-03-26 08:59:09 -04:00 · 2019-03-26 08:59:09 -04:00 · 32d7801f0e
parent fa33a23a72
commit 32d7801f0e
1 changed files with 16 additions and 9 deletions
--- a/payloads/library/remote_access/SSHhhhhh
+++ b/payloads/library/remote_access/SSHhhhhh
@ -9,15 +9,22 @@
 ###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major])

 ## Loot =      Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..)
-###  whoami
-###  ip addr
-###  route -n
-###  /etc/passwd
-###  /etc/shadow (on the off chance you get a root terminal)
-###  uname -a
+  whoami
+  
+  ip addr
+  
+  route -n
+  
+  /etc/passwd
+  
+  /etc/shadow (on the off chance you get a root terminal)
+  
+  uname -a

-###Two opportunites for persistence are injected:
-###Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
-###Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later)
+Two opportunites for persistence are injected:
+
+  Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
+
+  Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later)

 ## Configuration = HID STORAGE