fix: add metadata to sftp command in ssh_example.yml #233

Merged
thorinaboenke merged 5 commits into ait-testbed:development from DC925928496:fix/add-metadata-sftp-example
Jun 23, 2026
Conversation

@DC925928496

Problem

The sftp command in examples/ssh_example.yml (line ~77) was the only command in the playbook missing a metadata block. All other commands in the playbook have MITRE ATT&CK mappings, and this inconsistency could cause issues for users/tools that rely on metadata.

Related issue: #232

Fix

Added metadata to the sftp command that uploads linpeas.sh:

# Before:
  - type: sftp
    cmd: put
    local_path: $LINPEAS
    remote_path: /tmp/linpeas.sh
    session: "foothold"
    mode: "777"

# After:
  - type: sftp
    cmd: put
    local_path: $LINPEAS
    remote_path: /tmp/linpeas.sh
    session: "foothold"
    mode: "777"
    metadata:
      description: "Upload linpeas.sh to target via SFTP for privilege escalation enumeration"
      techniques: "T1105"
      tactics: "Execution"
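
Review bot: `tactics: "Execution"` in the added metadata block does not fit the technique listed next to it. In ATT&CK, T1105 (Ingress Tool Transfer) belongs to the Command and Control tactic, and this step only uploads /tmp/linpeas.sh without running it. Suggest mapping this command to Command and Control and keeping Execution on the later step that actually runs the script, so that tools consuming the metadata get a technique/tactic pair that matches ATT&CK.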

MITRE ATT&CK mapping

  • T1105 (Ingress Tool Transfer) — the sftp command transfers linpeas.sh to the target system
  • Execution tactic — the transferred tool is executed in subsequent steps

Related Issues

Fixes #232

Add MITRE ATT&CK mapping for the sftp command that uploads linpeas.
The sftp command was the only one in the playbook missing metadata,
which broke consistency with all other commands.

- Add description documenting the file upload operation
- Map to T1105 (Ingress Tool Transfer) technique
- Map to Execution tactic

Fixes ait-testbed#232
Comment thread examples/ssh_example.yml Outdated

Contributor

I would prefer to keep /usr/share. Not only because in our attackbed we download seclists with an Ansible role to that directory, but also because this path is available on many distributions and not only on distributions that support snap.

Comment thread examples/ssh_example.yml Outdated
@whotwagner

Contributor

Please apply the suggestion and solve the merge conflict so that we can merge the pull request.

DC925928496 and others added 4 commits June 17, 2026 16:59
Co-authored-by: whotwagner <ilovemail@feedyourhead.at>
Bumps [starlette](https://github.com/Kludex/starlette) from 0.50.0 to 1.3.1.
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.50.0...1.3.1)

---
updated-dependencies:
- dependency-name: starlette
  dependency-version: 1.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
…rlette-1.3.1

Bump starlette from 0.50.0 to 1.3.1
@thorinaboenke thorinaboenke changed the base branch from main to development June 23, 2026 08:38
@thorinaboenke thorinaboenke merged commit a625843 into ait-testbed:development Jun 23, 2026
1 check passed
Development

Successfully merging this pull request may close these issues.

Add metadata to sftp-command in examples

3 participants