after getting a shell , the first thing to check is the available privileges , although you might escalate it using various methods how can you preserve the level of access across reboots?
Well there could probably be a few ways.
Set up a specific port to open itself and run a service on there at bootup.
Write a script that reaches out to a server you control and tries to connect to it .
If it’s a local priv escalation exploit, see if you can automate it and then stick that exploit in the cloud and have the box download it on bootup.
Create a new permanent admin user that you can just log in with.
Of course most of these methods rely on cron job or triggering an action on boot, which won’t always be available. If it’s linux and you have access to crontab, add in a line starting with @REBOOT, this will trigger whenever the machine restarts. Can be easy to detect though
thank you , will try that out.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.