Your sysadmin knows CRON? Try using AT
You want to make your backdoor persistence? One of the easiest thing is to just add it to cron. However, everybody knows cron! Of course it will be the first place to check by your sysadmin, and your malicious backdoor will be gone as easily as you put it on the cron. Try using at. Of course if someone knows it, it is also very easy to detect and remove, but I'll bet there are far fewer people that knows that the command even exists.
1
$ echo "echo 1337 > /tmp/meh" > malicious.sh
2
3
$ at -f malicious.sh now + 1 minute
4
warning: commands will be executed using /bin/sh
5
Job 1 at Thu Mar 14 18:54:00 2019
6
7
$ atq
8
1 Thu Mar 14 18:54:00 2019 a user
9
10
# wait...
11
12
$ cat /tmp/meh
13
1337
Copied!
But it only run once! What to do if you want to run this periodically? Just add at command in your scripts...
1
$ echo "at -f malicious.sh now + 1 minute" >> malicious.sh
2
$ at -f malicious.sh now + 1 minute
Copied!
Last modified 5mo ago
Copy link