USP: Establishes persistence on a Linux system
USP
Establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script)
Feature
This Go program establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script). It offers two trigger options:
- USB Persistence: The payload is executed whenever a USB device is inserted.
- Boot Persistence: The payload is executed during system boot, leveraging the
/dev/randomdevice.
Additionally, it provides a cleanup option to remove the established persistence.
Use
- Clone the repo: git clone https://github.com/grahamhelton/USP.git
-
Compile the Go script: go build -o usp
-
Run the script with root privileges (sudo): sudo ./usp
You can customize the behavior using the following flags:
-f <filename>: Specify the path where the payload will be written (default: /usr/local/bin/persistence).-p <payload>: Specify the path to the payload file (binary or script) that will be executed. This is a required flag.-r <rulesname>: Specify the name of the udev rules file (default: 75-persistence.rules).-usb: Enable USB persistence.-random: Enable boot persistence using /dev/random.-c: Cleanup persistence, removing the payload file and udev rule.
Example
- The following uses the USB persistence method to run
example.sheverytime a USB device is connected.
sudo ./usp -p ./example.sh
- The following uses the “random” persistence method to run
my_backdoor_binaryeverytime/dev/randomis loaded (such as at boot). It is installed at/bin/ripgrep. (Masquerading as theripgrepbinary). Additionally, the rules file is created in/etc/udev/rules.d/123-notsektchy.rules
sudo ./usp -random -f /bin/ripgrep -p my_backdoor_binary -r 123-notsketchy.rules
Source: https://github.com/grahamhelton/
