Add steps to backdoor-ssh-authorized-keys

facebookincubator · Aug 7, 2023 · 33276bb · 33276bb
1 parent 65d0d26
commit 33276bb
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/persistence/ssh/backdoor-ssh-authorized-keys/README.md b/persistence/ssh/backdoor-ssh-authorized-keys/README.md
@@ -16,7 +16,7 @@ on a target system.
 ## Pre-requisites
 
 Ensure an authorized_keys file is present for the user at the path
-specified, or at the default location ($HOME/.ssh/authorized_keys).
+specified, or at the default location (`$HOME/.ssh/authorized_keys`).
 
 ## Examples
 
@@ -31,3 +31,20 @@ ttpforge -c config.yaml \
     --arg rogue_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXY7PWSZ7QafZ5LsBxGVtAcAwn706dJENP1jXlX3fVa Test public key" \
     --arg cleanup=true
 ```
+
+## Steps
+
+1. **Setup**: Checks for the presence of the `authorized_keys` file at the
+   specified path or at the default location (`$HOME/.ssh/authorized_keys`).
+   If absent, an error message is displayed and the script exits. If present,
+   it backs up the original file for potential restoration.
+
+1. **Add Rogue Key**: Takes the provided `rogue_key` argument and appends it
+   to the `authorized_keys` file at the specified or default path. This
+   allows the rogue public SSH key to be used for maintaining persistence
+   on the target system.
+
+1. **Cleanup**: If the `cleanup` argument is set to `true`, the script
+   restores the original `authorized_keys` file from the backup created
+   during the execution of the script. This will remove the rogue key and
+   revert the file to its original state.