USP: Establishes persistence on a Linux system
Feature
This Go program establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script). It offers two trigger options:
- USB Persistence: The payload is executed whenever a USB device is inserted.
- Boot Persistence: The payload is executed during system boot, leveraging the /dev/random device.
Additionally, it provides a cleanup option to remove the established persistence.
Use
- Clone the repo: git clone https://github.com/grahamhelton/USP.git
- Compile the Go script: go build -o usp
- Run the script with root privileges (sudo): sudo ./usp
You can customize the behavior using the following flags:
- -f <filename>: Specify the path where the payload will be written (default: /usr/local/bin/persistence).
- -p <payload>: Specify the path to the payload file (binary or script) that will be executed. This is a required flag.
- -r <rulesname>: Specify the name of the udev rules file (default: 75-persistence.rules).
- -usb: Enable USB persistence.
- -random: Enable boot persistence using /dev/random.
- -c: Cleanup persistence, removing the payload file and udev rule.
Example
- The following uses the USB persistence method to run example.sh every time a USB device is connected.
sudo ./usp -p ./example.sh
- The following uses the “random” persistence method to run my_backdoor_binary every time /dev/random is loaded (such as at boot). It is installed at /bin/ripgrep (masquerading as the ripgrep binary). Additionally, the rules file is created in /etc/udev/rules.d/123-notsketchy.rules
sudo ./usp -random -f /bin/ripgrep -p my_backdoor_binary -r 123-notsketchy.rules
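To find this kind of persistence on a host, the following added example (not part of the USP repository) lists every udev rule line that executes a program and labels the trigger. It assumes the rule uses udev's RUN key, since the page does not show the rule text; Finding, AuditRules and the trigger labels are names chosen for this example.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

type Finding struct { // one RUN assignment found in a udev rules file
	File, Program, Trigger string
	Line                   int
}

var (
	runKey = regexp.MustCompile(`\bRUN(?:\{\w+\})?\s*[+:]?=\s*"([^"]*)"`)
	usbKey = regexp.MustCompile(`SUBSYSTEMS?\s*==\s*"usb"`)
	rndKey = regexp.MustCompile(`KERNEL\s*==\s*"random"`)
)

// AuditRules reports every RUN key in the text of one rules file. Backslash-continued
// lines are not joined, so a RUN key split from its match keys gets Trigger "other".
func AuditRules(file, content string) []Finding {
	var out []Finding
	for i, line := range strings.Split(content, "\n") {
		if strings.HasPrefix(strings.TrimSpace(line), "#") {
			continue // commented-out rule
		}
		trigger := "other"
		if usbKey.MatchString(line) {
			trigger = "usb" // fires on USB device events
		} else if rndKey.MatchString(line) {
			trigger = "random" // fires when /dev/random appears, e.g. at boot
		}
		for _, m := range runKey.FindAllStringSubmatch(line, -1) {
			out = append(out, Finding{file, m[1], trigger, i + 1})
		}
	}
	return out
}

func main() { // pass rules files as arguments, e.g. /etc/udev/rules.d/*.rules
	for _, f := range os.Args[1:] {
		data, _ := os.ReadFile(f)
		for _, x := range AuditRules(f, string(data)) {
			fmt.Printf("%s:%d trigger=%s runs %q\n", x.File, x.Line, x.Trigger, x.Program)
		}
	}
}
```

Packaged rules also use RUN, so compare each reported program against what the distribution ships and check that the binary at that path is the one the package manager installed.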
Source: https://github.com/grahamhelton/