From 32d7801f0ea4c01e9576bbf8fc4d841f3af79eae Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:59:09 -0400 Subject: [PATCH] Update readme.md --- .../remote_access/SSHhhhhh (Linux)/readme.md | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 8a2e74d0..d679a838 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -9,15 +9,22 @@ ###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) -### whoami -### ip addr -### route -n -### /etc/passwd -### /etc/shadow (on the off chance you get a root terminal) -### uname -a + whoami + + ip addr + + route -n + + /etc/passwd + + /etc/shadow (on the off chance you get a root terminal) + + uname -a -###Two opportunites for persistence are injected: -###Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) -###Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) +Two opportunites for persistence are injected: + + Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) + + Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) ## Configuration = HID STORAGE
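Review bot: In the added line "Two opportunites for persistence are injected:", "opportunites" is misspelled; it was carried over unchanged from the removed heading and should read "opportunities". The new loot and persistence entries are added as plain lines separated by blank lines, with no list marker visible in the diff, so they will likely render as loose paragraphs rather than a list. Prefixing each with "- " would keep them grouped under "## Loot" and under the persistence sentence. The unchanged context line above still has "###Base install" with no space after the hashes and the typo "noting major"; both could be fixed in the same pass so the whole file follows one heading style.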