SSH Hijacking linux lateral movement addition proposal #9
Comments
|
@paragonsec if you submit a diff with the actual yaml file i would be able to merge these faster. -CG |
|
@carnal0wnage Created a pull request with the purposed file. Thanks! |
|
@carnal0wnage Question outside of this issue. I am putting together data exfil techniques on Linux for this project. However, there are a ton of different methods like using netcat, /dev/tcp, telnet, DNS, ssh, etc... Would it be better to separate them to their own specific yml file according to technique like one for nc, one for dns, etc...? |
|
If they are the same technique i think you can put them in one file. People can grab a line or two and make their own yaml...that's the vision anyway :-) |
|
Sounds good. Will try not to get to carried away with this lol. This is an awesome project! |
|
thanks! i really appreciate you submitting things. keep em coming :-) |
|
accepted the diff. thanks again! |
Below is my proposal for SSH Hijacking for lateral movement.
enabled: true
meta:
author: paragonsec
created: 2018-03-22
decorations:
description: Lateral Movement with SSH Agent Hijacking
link: https://www.clockwork.com/news/2012/09/28/602/ssh_agent_hijacking
mitre_link: https://attack.mitre.org/wiki/Technique/T1184
mitre_attack_phase: Lateral Movement
mitre_attack_technique: Lateral Movement with SSH Agent Hijacking
purple_actions:
1: grep ~/.ssh/config -e ForwardAgent > ssh_config.txt
2: ps ef |grep -i -e "ssh-agent" > ssh_process.txt
3: cat /proc/*/environ |tr -s '\0' '\n' | grep SSH_AUTH_SOCK |sort -u 2>/dev/null > ssh_agent.txt
os: linux
name: Lateral Movement with SSH Agent Hijacking
The text was updated successfully, but these errors were encountered: