scudette
commented
3 months ago The ssh accessor is used to read remote files - it can not execute arbitrary tools on the endpoint - UAC collector is a shell script which is pushed to the endpoint normally so it can not be used via the ssh accessor.
gdms04
I successfully used the SSH accessor to remap a Linux client to my Velociraptor server as “RemoteSSH” using velociraptor-v0.72.0-linux-amd64. I was able to run some basic artifacts like Linux.Sys.LogHunter, System.VFS.ListDirectory, etc.
However, when I ran Exchange.Generic.Collection.UAC, it was unable to successfully create a tempdir. The user I used is root, so it should have sufficient privileges to create a directory.
I tried using a standard client on the same artifact and it was successful.
I’m wondering if I missed anything when I set up the client remapping. Thanks!