From 8e5725cded5a1842cb44247a3f64402ef30b8d03 Mon Sep 17 00:00:00 2001 From: 0xshaft03 <134789339+0xshaft03@users.noreply.github.com> Date: Fri, 10 Oct 2025 22:05:20 -0400 Subject: [PATCH] Create rsyslogd.md --- _gtfobins/rsyslogd.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 _gtfobins/rsyslogd.md diff --git a/_gtfobins/rsyslogd.md b/_gtfobins/rsyslogd.md new file mode 100644 index 00000000..76e51cd4 --- /dev/null +++ b/_gtfobins/rsyslogd.md @@ -0,0 +1,12 @@ +--- +description: ryslogd can be abused for remotely triggerable persistence combining filter conditions and the shell execute action. +functions: + reverse-shell: + - description: After placing an executable or shell script on disk, you can trigger its execution via a logging facility by adding one line to the rsyslog.conf file + code: | + :msg, contains, "randomstringtomatch" ^/path/to/script.sh + bind-shell: + - description: After placing an executable or shell script on disk, you can trigger its execution via a logging facility by adding one line to the rsyslog.conf file + code: | + :msg, contains, "randomstringtomatch" ^/path/to/script.sh +---
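Review bot: the `reverse-shell` and `bind-shell` entries in the new front matter carry the same description and the same `code` line (`:msg, contains, "randomstringtomatch" ^/path/to/script.sh`), and that line only runs a script already on disk when a matching message is logged; nothing in it is specific to a reverse or a bind shell. Suggest collapsing the two into one entry under a function that matches what the line actually does (command execution through the shell execute action) rather than listing it twice under network-shell categories. The top-level description misspells the binary as "ryslogd"; it should read "rsyslogd" to match the file name. The entry descriptions also leave out the preconditions a reader needs to judge the exposure: adding a line to rsyslog.conf requires write access to that file, and rsyslogd has to load the changed configuration before the filter takes effect. Stating both would make clear that this is a persistence technique for an account that already controls the logging configuration, which is how the top-level description frames it.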