Hare Sudhan
74 lines
3.3 KiB
YAML
74 lines
3.3 KiB
YAML
attack_technique: T1037.004
|
|
display_name: 'Boot or Logon Initialization Scripts: Rc.common'
|
|
atomic_tests:
|
|
- name: rc.common
|
|
auto_generated_guid: 97a48daa-8bca-4bc0-b1a9-c1d163e762de
|
|
description: |
|
|
Modify rc.common
|
|
|
|
[Reference](https://developer.apple.com/library/content/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/StartupItems.html)
|
|
supported_platforms:
|
|
- macos
|
|
executor:
|
|
command: |
|
|
sudo echo osascript -e 'tell app "Finder" to display dialog "Hello World"' >> /etc/rc.common
|
|
elevation_required: true
|
|
name: bash
|
|
|
|
|
|
- name: rc.common
|
|
auto_generated_guid: c33f3d80-5f04-419b-a13a-854d1cbdbf3a
|
|
description: |
|
|
Modify rc.common
|
|
|
|
supported_platforms:
|
|
- linux
|
|
executor:
|
|
name: bash
|
|
elevation_required: true
|
|
command: |
|
|
filename='/etc/rc.common';if [ ! -f $filename ];then sudo touch $filename;else sudo cp $filename /etc/rc.common.original;fi
|
|
printf '%s\n' '#!/bin/bash' | sudo tee /etc/rc.common
|
|
echo "python3 -c \"import os, base64;exec(base64.b64decode('aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBtb2RpZnlpbmcgcmMuY29tbW9uID4gL3RtcC9UMTAzNy4wMDQucmMuY29tbW9uJykK'))\"" | sudo tee -a /etc/rc.common
|
|
printf '%s\n' 'exit 0' | sudo tee -a /etc/rc.common
|
|
sudo chmod +x /etc/rc.common
|
|
cleanup_command: |
|
|
origfilename='/etc/rc.common.original';if [ ! -f $origfilename ];then sudo rm /etc/rc.common;else sudo cp $origfilename /etc/rc.common && sudo rm $origfilename;fi
|
|
|
|
- name: rc.local
|
|
auto_generated_guid: 126f71af-e1c9-405c-94ef-26a47b16c102
|
|
description: |
|
|
Modify rc.local
|
|
|
|
supported_platforms:
|
|
- linux
|
|
executor:
|
|
name: bash
|
|
elevation_required: true
|
|
command: |
|
|
filename='/etc/rc.local';if [ ! -f $filename ];then sudo touch $filename;else sudo cp $filename /etc/rc.local.original;fi
|
|
printf '%s\n' '#!/bin/bash' | sudo tee /etc/rc.local
|
|
echo "python3 -c \"import os, base64;exec(base64.b64decode('aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBtb2RpZnlpbmcgcmMubG9jYWwgPiAvdG1wL1QxMDM3LjAwNC5yYy5sb2NhbCcpCgo='))\"" | sudo tee -a /etc/rc.local
|
|
printf '%s\n' 'exit 0' | sudo tee -a /etc/rc.local
|
|
sudo chmod +x /etc/rc.local
|
|
cleanup_command: |
|
|
origfilename='/etc/rc.local.original';if [ ! -f $origfilename ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi
|
|
- name: rc.local (FreeBSD)
|
|
auto_generated_guid: 2015fb48-8ab6-4fbf-928b-0b62de5c9476
|
|
description: |
|
|
Modify rc.local
|
|
|
|
supported_platforms:
|
|
- linux
|
|
executor:
|
|
name: sh
|
|
elevation_required: true
|
|
command: |
|
|
filename='/etc/rc.local';if [ ! -f $filename ];then sudo touch $filename;else sudo cp $filename /etc/rc.local.original;fi
|
|
printf '%s\n' '#\!/usr/local/bin/bash' | sudo tee /etc/rc.local
|
|
echo 'python3.9 -c "import os, base64;exec(base64.b64decode(\"aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBtb2RpZnlpbmcgcmMubG9jYWwgPiAvdG1wL1QxMDM3LjAwNC5yYy5sb2NhbCcpCgo=\"))"' | sudo tee -a /etc/rc.local
|
|
printf '%s\n' 'exit 0' | sudo tee -a /etc/rc.local
|
|
sudo chmod +x /etc/rc.local
|
|
cleanup_command: |
|
|
origfilename='/etc/rc.local.original';if [ ! -f $origfilename ];then sudo rm /etc/rc.local;else sudo cp $origfilename /etc/rc.local && sudo rm $origfilename;fi
|