2023-02-15 12:19:34 -08:00
|
|
|
attack_technique: T1613
|
2024-02-22 16:32:03 -05:00
|
|
|
display_name: "Container and Resource Discovery"
|
2023-02-15 12:19:34 -08:00
|
|
|
atomic_tests:
|
2024-03-07 10:20:22 -08:00
|
|
|
- name: Docker Container and Resource Discovery
|
2024-03-07 18:25:13 +00:00
|
|
|
auto_generated_guid: ea2255df-d781-493b-9693-ac328f9afc3f
|
2023-02-15 12:19:34 -08:00
|
|
|
description: Adversaries may attempt to discover containers and other resources that are available within a containers environment.
|
|
|
|
|
supported_platforms:
|
|
|
|
|
- containers
|
|
|
|
|
dependency_executor_name: sh
|
|
|
|
|
dependencies:
|
2024-02-12 13:23:44 -05:00
|
|
|
- description: Verify Docker is installed.
|
2023-02-15 12:19:34 -08:00
|
|
|
prereq_command: |
|
|
|
|
|
which docker
|
|
|
|
|
get_prereq_command: |
|
|
|
|
|
if [ "" == "`which docker`" ]; then echo "Docker Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install docker ; elif [ -n "`which yum`" ]; then sudo yum -y install docker ; fi ; else echo "Docker installed"; fi
|
2024-02-12 13:23:44 -05:00
|
|
|
- description: Verify Docker service is running.
|
2023-02-15 12:19:34 -08:00
|
|
|
prereq_command: |
|
2024-02-12 13:23:44 -05:00
|
|
|
sudo systemctl status docker --no-pager
|
2023-02-15 12:19:34 -08:00
|
|
|
get_prereq_command: |
|
2024-03-07 10:20:22 -08:00
|
|
|
sudo systemctl start docker
|
2023-02-15 12:19:34 -08:00
|
|
|
executor:
|
|
|
|
|
command: |-
|
2024-02-12 13:23:44 -05:00
|
|
|
docker build -t t1613 $PathtoAtomicsFolder/T1613/src/
|
2024-08-02 23:38:09 +02:00
|
|
|
docker run --name t1613_container --rm -d -t t1613
|
2023-02-15 12:19:34 -08:00
|
|
|
docker ps
|
|
|
|
|
docker stats --no-stream
|
|
|
|
|
docker inspect $(docker ps -l -q --filter ancestor=t1613)
|
|
|
|
|
cleanup_command: |-
|
|
|
|
|
docker stop t1613_container
|
2024-08-02 23:38:09 +02:00
|
|
|
docker rmi -f t1613
|
2024-02-12 13:23:44 -05:00
|
|
|
name: sh
|
2024-03-07 10:20:22 -08:00
|
|
|
|
|
|
|
|
- name: Podman Container and Resource Discovery
|
2024-03-07 18:25:13 +00:00
|
|
|
auto_generated_guid: fc631702-3f03-4f2b-8d8a-6b3d055580a1
|
2024-02-12 13:23:44 -05:00
|
|
|
description: Adversaries may attempt to discover containers and other resources that are available within a containers environment.
|
|
|
|
|
supported_platforms:
|
|
|
|
|
- containers
|
|
|
|
|
dependency_executor_name: sh
|
|
|
|
|
dependencies:
|
|
|
|
|
- description: Verify Podman is installed.
|
|
|
|
|
prereq_command: |
|
|
|
|
|
which podman
|
|
|
|
|
get_prereq_command: |
|
2024-03-07 10:20:22 -08:00
|
|
|
if [ "" == "`which podman`" ]; then echo "Podman Not Found"; if [ -n "`which apt-get`" ]; then sudo apt-get -y install podman ; elif [ -n "`which yum`" ]; then sudo yum -y install podman ; elif [ -n "`which pacman`" ]; then sudo pacman -Sy podman --noconfirm ; elif [ -n "`which brew`" ]; then brew install podman ; else echo "Unsupported package manager"; fi ; else echo "Podman installed"; fi
|
2024-02-12 13:23:44 -05:00
|
|
|
- description: Verify Podman service is running.
|
|
|
|
|
prereq_command: |
|
|
|
|
|
sudo systemctl status podman --no-pager
|
|
|
|
|
get_prereq_command: |
|
2024-03-07 10:20:22 -08:00
|
|
|
sudo systemctl start podman
|
2024-02-12 13:23:44 -05:00
|
|
|
executor:
|
|
|
|
|
command: |-
|
|
|
|
|
podman build -t t1613 $PathtoAtomicsFolder/T1613/src/
|
2024-08-02 23:38:09 +02:00
|
|
|
podman run --name t1613_container --rm -d -t t1613
|
2024-02-12 13:23:44 -05:00
|
|
|
podman ps
|
|
|
|
|
podman stats --no-stream
|
|
|
|
|
podman inspect $(podman ps -l -q --filter ancestor=t1613)
|
|
|
|
|
cleanup_command: |-
|
|
|
|
|
podman stop t1613_container
|
2024-08-02 23:38:09 +02:00
|
|
|
podman rmi -f t1613
|
2024-02-12 13:23:44 -05:00
|
|
|
name: sh
|
