hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update readme.md

pull/375/head
WWVB 2019-03-26 08:59:09 -04:00 committed by GitHub
parent fa33a23a72
commit 32d7801f0e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
payloads/library/remote_access/SSHhhhhh (Linux)/readme.md
View File

@ -9,15 +9,22 @@
###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major])
## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..)
### whoami whoami
### ip addr
### route -n ip addr
### /etc/passwd
### /etc/shadow (on the off chance you get a root terminal) route -n
### uname -a
/etc/passwd
/etc/shadow (on the off chance you get a root terminal)
uname -a
###Two opportunites for persistence are injected: Two opportunites for persistence are injected:
###Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
###Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later)
## Configuration = HID STORAGE ## Configuration = HID STORAGE