Hare Sudhan
21 lines
733 B
YAML
21 lines
733 B
YAML
---
|
|
attack_technique: T1098.004
|
|
display_name: SSH Authorized Keys
|
|
|
|
atomic_tests:
|
|
- name: Modify SSH Authorized Keys
|
|
auto_generated_guid: 342cc723-127c-4d3a-8292-9c0c6b4ecadc
|
|
description: |
|
|
Modify contents of <user-home>/.ssh/authorized_keys to maintain persistence on victim host.
|
|
If the user is able to save the same contents in the authorized_keys file, it shows user can modify the file.
|
|
supported_platforms:
|
|
- linux
|
|
- macos
|
|
executor:
|
|
name: sh
|
|
elevation_required: false
|
|
command: |
|
|
if [ -f ~/.ssh/authorized_keys ]; then ssh_authorized_keys=$(cat ~/.ssh/authorized_keys); echo "$ssh_authorized_keys" > ~/.ssh/authorized_keys; fi;
|
|
cleanup_command: |
|
|
unset ssh_authorized_keys
|