SSH for Persistence
MITRE ATT&CK™ Persistence - Tactic TA0003
SSH (Secure Shell) is a versatile and widely-used protocol that provides secure remote access to systems and services. While it serves as a fundamental tool for authorized system administration, it can also be exploited by attackers to establish persistence on compromised systems. Through various techniques, ranging from simple SSH key-based attacks to more sophisticated methods like public key backdooring, adversaries can maintain unauthorized access and evade detection.
It's possible to backdoor an SSH public key using the command= option in the authorized_keys file. The backdoor will execute whenever the user logs in using this key.
To be stealthier, we can encode the command to be executed.
Simply add this to the beginning of the public key
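On the detection side, the following added example (not part of the original page) parses authorized_keys entries, reports every key that carries a command= option, and raises the severity when the command looks encoded. The ENCODED heuristics, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Entries that begin with a key type carry no options field.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
# Assumed heuristics for an encoded forced command; tune for your environment.
ENCODED = re.compile(r"base64|xxd|\beval\b|\\x[0-9a-f]{2}|[A-Za-z0-9+/]{40,}", re.I)

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed authorized_keys",
    "ssh-ed25519 AAAAPLACEHOLDER1 alice@laptop",
    'command="/usr/local/bin/backup.sh",no-pty ssh-ed25519 AAAAPLACEHOLDER2 backup@host',
    'no-pty,command="echo Y29uc3RydWN0ZWQ= | base64 -d" ssh-rsa AAAAPLACEHOLDER3 ops@host',
])

def split_options(line):
    """Return the options field of one entry ('' if none), honouring quotes."""
    if line.startswith(KEY_TYPES):
        return ""
    in_quote, i = False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote:
            i += 2          # skip an escaped character inside a quoted value
            continue
        if c == '"':
            in_quote = not in_quote
        elif c in " \t" and not in_quote:
            break           # first unquoted whitespace ends the options field
        i += 1
    return line[:i]

def forced_command(options):
    """Return the value of command="..." in an options field, or None."""
    m = re.search(r'(?:^|,)command="((?:\\.|[^"\\])*)"', options, re.I)
    return m.group(1).replace('\\"', '"') if m else None

def audit(text):
    """List (line_no, severity, command) for every key with a forced command."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cmd = forced_command(split_options(line))
        if cmd is not None:
            sev = "high" if ENCODED.search(cmd) else "review"
            findings.append((n, sev, cmd))
    return findings
```

Run audit() over the contents of each account's authorized_keys file and compare the "review" findings against the forced commands you have deliberately deployed; anything unexpected, and every "high" finding, deserves a closer look.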