diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md
index 7d6889f2..8ef28aba 100644
--- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md	
+++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md	
@@ -6,19 +6,19 @@
 ## Description
 
 ## Target =  Unlocked Linux machine (only tested on Ubuntu 18.04 LTS)
-                    Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major])
+Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major])
 
 ## Loot =      Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..)
-                    whoami
-                    ip addr
-                    route -n
-                    /etc/passwd
-                    /etc/shadow (on the off chance you get a root terminal)
-                    uname -a
+whoami
+ip addr
+route -n
+/etc/passwd
+/etc/shadow (on the off chance you get a root terminal)
+uname -a
 
-    Two opportunites for persistence are injected:
-            Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
-            Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job
-                added that calls it on a schedule (aka Call Me Later)
+Two opportunites for persistence are injected:
+Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
+Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job
+  added that calls it on a schedule (aka Call Me Later)
 
 ## Configuration = HID STORAGE