# RC Scripts

Adversaries may establish persistence by modifying RC scripts, which are executed during a Unix-like system's startup. These files allow system administrators to map and start custom services at startup for different run levels. RC scripts require root privileges to modify.

Adversary abuse of RC scripts is especially effective for lightweight Unix-like distributions using the root user as default, such as IoT or embedded systems.

Several Unix systems have moved to Systemd and deprecated the use of RC scripts.

Setting up an RC script is straightforward. In the following example I am using a Bash script that runs in a loop in case the connection is ever killed. I've found that a connection made while the OS is still loading will hang until the reverse shell has been killed, so the script sleeps and runs in a loop so that we can catch it once the user has completely logged in.

<figure><img src="/files/CE9FHiLeG8JAlRfgim34" alt=""><figcaption></figcaption></figure>

The file needs to be placed in the `/etc/init.d` folder. From there, give it execute permissions using the following command:

`chmod +x FILENAME`

Finally, we continue with `update-rc.d`, which installs the script so that it executes once the user boots into the host:

<figure><img src="/files/ku1xPUY5VYysY5XrABrc" alt=""><figcaption></figcaption></figure>

All we need now is to wait for the host to reboot or power back on while waiting for a connection on our attacking machine.

<figure><img src="/files/OmpNhHHZFSLKuSeQhzX4" alt=""><figcaption></figcaption></figure>
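From the defender's side, the steps above leave a recognizable artifact: a new executable in `/etc/init.d` that loops and sleeps instead of following the usual init-script layout. The following audit is an added example, not part of the original notes; the function names, the regex heuristics and the two sample scripts are constructed for illustration.

```python
import re
import stat
import tempfile
from pathlib import Path

# Heuristics are assumptions of this example, not a complete signature set.
LSB_HEADER = re.compile(r"^### BEGIN INIT INFO", re.M)
ENDLESS_LOOP = re.compile(r"\bwhile\s+(true|:|\[\s*1\s*\])\s*;?\s*do\b")
TEMP_PATH = re.compile(r"(?<![\w/])/(tmp|var/tmp|dev/shm)/\S+")


def audit_initd(initd_dir):
    """Return {script_name: [reasons]} for init scripts worth a manual review."""
    findings = {}
    for path in sorted(Path(initd_dir).iterdir()):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories and symlinks
        text = path.read_text(errors="replace")
        reasons = []
        if not LSB_HEADER.search(text):
            reasons.append("no LSB INIT INFO header")
        if ENDLESS_LOOP.search(text) and re.search(r"\bsleep\b", text):
            reasons.append("endless loop with sleep")
        if TEMP_PATH.search(text):
            reasons.append("references world-writable temp path")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("group/world-writable")
        if reasons:
            findings[path.name] = reasons
    return findings


def demo():
    """Run the audit over two constructed scripts in a temporary directory."""
    good = ("#!/bin/sh\n### BEGIN INIT INFO\n# Provides: cron\n"
            "### END INIT INFO\ncase \"$1\" in start) /usr/sbin/cron ;; esac\n")
    bad = ("#!/bin/bash\nwhile true; do\n"
           "  /tmp/.updater   # constructed placeholder, not a real payload\n"
           "  sleep 30\ndone\n")
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("cron", good), ("sysupd", bad)):
            p = Path(d, name)
            p.write_text(body)
            p.chmod(0o755)
        return audit_initd(d)


if __name__ == "__main__":
    print(demo())
```

On a live host, call `audit_initd("/etc/init.d")` and treat every hit as a lead for review; some legitimate scripts also lack the LSB header.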


