This Go program establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script). It offers two trigger options:
- USB Persistence: The payload is executed whenever a USB device is inserted.
- Boot Persistence: The payload is executed during system boot, leveraging the `/dev/random` device.
Additionally, it provides a cleanup option to remove the established persistence.
- Compile the Go script: `go build -o usp`
- Run the script with root privileges (sudo): `sudo ./usp`
You can customize the behavior using the following flags:
- `-f <filename>`: Specify the path where the payload will be written (default: `/usr/local/bin/persistence`).
- `-p <payload>`: Specify the path to the payload file (binary or script) that will be executed. This is a required flag.
- `-r <rulesname>`: Specify the name of the udev rules file (default: `75-persistence.rules`).
- `-usb`: Enable USB persistence.
- `-random`: Enable boot persistence using `/dev/random`.
- `-c`: Cleanup persistence, removing the payload file and udev rule.
- The following uses the USB persistence method to run `example.sh` every time a USB device is connected:
  `sudo ./usp -p ./example.sh`
- The following uses the "random" persistence method to run `my_backdoor_binary` every time `/dev/random` is loaded (such as at boot). It is installed at `/bin/ripgrep` (masquerading as the `ripgrep` binary). Additionally, the rules file is created at `/etc/udev/rules.d/123-notsketchy.rules`:
  `sudo ./usp -random -f /bin/ripgrep -p my_backdoor_binary -r 123-notsketchy.rules`
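
From the defending side, both triggers described above leave behind a udev rule that pairs a USB or `random` device match with a `RUN` assignment, which can be audited. The Go code below is an added example, not part of this tool's source: `AuditRules`, `Finding`, and the sample rule lines are constructed for illustration, and the exact rule text the tool writes is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one rule that runs programs on a trigger of interest.
type Finding struct {
	Trigger  string
	Programs []string
}

// tokenRe matches one KEY<op>"value" pair of a udev rule.
var tokenRe = regexp.MustCompile(`([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"`)

const sample = `# constructed sample rules for this example, not output of the tool
ACTION=="add", SUBSYSTEM=="usb", RUN+="/usr/local/bin/persistence"
ACTION=="add", KERNEL=="random", \
  RUN+="/bin/ripgrep"
SUBSYSTEM=="usb", ATTR{idVendor}=="1d6b", MODE="0664"
`

// AuditRules reports rules that RUN a program on USB or "random" device events.
func AuditRules(content string) (out []Finding) {
	for _, rule := range strings.Split(strings.ReplaceAll(content, "\\\n", " "), "\n") { // continuations joined
		if rule = strings.TrimSpace(rule); rule == "" || rule[0] == '#' {
			continue
		}
		trigger, progs := "", []string(nil)
		for _, m := range tokenRe.FindAllStringSubmatch(rule, -1) {
			switch key, op, val := m[1], m[2], m[3]; {
			case key == "SUBSYSTEM" && op == "==" && val == "usb":
				trigger = "usb"
			case key == "KERNEL" && op == "==" && val == "random":
				trigger = "random"
			case strings.HasPrefix(key, "RUN") && op != "-=":
				progs = append(progs, val)
			}
		}
		if trigger != "" && len(progs) > 0 {
			out = append(out, Finding{trigger, progs})
		}
	}
	return out
}

func main() { fmt.Printf("%+v\n", AuditRules(sample)) }
```

To audit a host, pass `AuditRules` the contents of each file under `/etc/udev/rules.d/` and check whether every reported program path is one you expect.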