USP: Establishes persistence on a Linux system

USP

Establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script)

Linux persistence

Feature

This Go program establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script). It offers two trigger options:

  • USB Persistence: The payload is executed whenever a USB device is inserted.
  • Boot Persistence: The payload is executed during system boot, leveraging the /dev/random device.

Additionally, it provides a cleanup option to remove the established persistence.

Use

  1. Clone the repo: git clone https://github.com/grahamhelton/USP.git
  2. Compile the Go script: go build -o usp

  3. Run the script with root privileges (sudo): sudo ./usp

You can customize the behavior using the following flags:

  • -f <filename>: Specify the path where the payload will be written (default: /usr/local/bin/persistence).
  • -p <payload>: Specify the path to the payload file (binary or script) that will be executed. This is a required flag.
  • -r <rulesname>: Specify the name of the udev rules file (default: 75-persistence.rules).
  • -usb: Enable USB persistence.
  • -random: Enable boot persistence using /dev/random.
  • -c: Cleanup persistence, removing the payload file and udev rule.

Example

  • The following uses the USB persistence method to run example.sh everytime a USB device is connected.

sudo ./usp -p ./example.sh

  • The following uses the “random” persistence method to run my_backdoor_binary everytime /dev/random is loaded (such as at boot). It is installed at /bin/ripgrep. (Masquerading as the ripgrep binary). Additionally, the rules file is created in /etc/udev/rules.d/123-notsektchy.rules

sudo ./usp -random -f /bin/ripgrep -p my_backdoor_binary -r 123-notsketchy.rules

Source: https://github.com/grahamhelton/