Added T1098.004 tests
This commit is contained in:
haresudhan
@@ -0,0 +1,19 @@
|
||||
---
|
||||
attack_technique: T1098.004
|
||||
display_name: SSH Authorized Keys
|
||||
|
||||
atomic_tests:
|
||||
- name: Modify SSH Authorized Keys
|
||||
description: |
|
||||
Modify contents of <user-home>/.ssh/authorized_keys to maintain persistence on victim host.
|
||||
If the user is able to save the same contents in the authorized_keys file, it shows user can modify the file.
|
||||
supported_platforms:
|
||||
- macos
|
||||
- linux
|
||||
executor:
|
||||
name: sh
|
||||
elevation_required: true
|
||||
command: |
|
||||
if [ -f ~/.ssh/authorized_keys ]; then ssh_authorized_keys=$(cat ~/.ssh/authorized_keys); echo $ssh_authorized_keys > ~/.ssh/authorized_keys; fi;
|
||||
cleanup_command: |
|
||||
unset ssh_authorized_keys
|
||||
Reference in New Issue
Block a user