establishing-persistence
Fail
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: HIGHCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains extensive instructions for establishing persistence across multiple operating systems. On Windows, it provides commands to modify Registry 'Run' keys, create scheduled tasks (schtasks) with SYSTEM privileges, and install malicious services (sc create). On Linux, it includes methods for creating cron jobs, systemd services, and modifying init scripts.
- [CREDENTIALS_UNSAFE]: Includes methods for creating unauthorized administrative accounts with hardcoded credentials (e.g., 'net user backdoor P@ssw0rd /add') and injecting attacker-controlled public keys into 'authorized_keys' files for root and other users to bypass authentication.
- [REMOTE_CODE_EXECUTION]: Provides multiple web shell payloads for PHP, ASPX, and JSP environments. These scripts are designed to accept and execute arbitrary system commands via HTTP requests (e.g., using PHP's eval() or system() functions).
- [DATA_EXFILTRATION]: Demonstrates how to access sensitive system files such as /etc/shadow and /etc/passwd on Linux, or administrative registry keys on Windows, which can be used to harvest credentials.
- [COMMAND_EXECUTION]: Outlines techniques for process and library hijacking, including DLL hijacking candidates on Windows and the use of LD_PRELOAD on Linux to force malicious shared objects to load into every system process.
Recommendations
- AI detected serious security threats
Audit Metadata