security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2019-12-02 16:54:49 +00:00
parent da80cf8259
commit 00972d1fc7
3 changed files with 56 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1124/T1124.md
+1 -1
View File
@@ -22,7 +22,7 @@ Identify the system time
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| computer_name | computer name to query | string | computer1|
| computer_name | computer name to query | string | localhost|
#### Run it with `command_prompt`!
```
atomics/T1136/T1136.md
+28 -9
View File
@@ -39,12 +39,16 @@ Create a user via useradd
| username | Username of the user to create | String | evil_user|
| comment | Comment to record when creating the user | String | Evil Account|
#### Run it with `bash`!
#### Run it with `bash`! Elevation Required (e.g. root or admin)
```
useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
useradd -M -N -r -s /bin/bash -c evil_account #{username}
```
#### Cleanup Commands:
```
userdel #{username}
```
<br/>
<br/>
@@ -61,7 +65,7 @@ Creates a user on a MacOS system with dscl
| username | Username of the user to create | String | evil_user|
| realname | 'realname' to record when creating the user | String | Evil Account|
#### Run it with `bash`!
#### Run it with `bash`! Elevation Required (e.g. root or admin)
```
dscl . -create /Users/#{username}
dscl . -create /Users/#{username} UserShell /bin/bash
@@ -72,6 +76,10 @@ dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username}
```
#### Cleanup Commands:
```
dscl . -delete /Users/#{username}
```
<br/>
<br/>
@@ -85,14 +93,18 @@ Creates a new user in a command prompt
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| username | Username of the user to create | String | Evil Account|
| username | Username of the user to create | String | T1136_CMD|
#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
```
net user /add #{username}
net user /add "#{username}"
```
#### Cleanup Commands:
```
net user /del "#{username}"
```
<br/>
<br/>
@@ -106,15 +118,18 @@ Creates a new user in PowerShell
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| username | Username of the user to create | String | Evil Account|
| username | Username of the user to create | String | T1136_PowerShell|
#### Run it with `powershell`! Elevation Required (e.g. root or admin)
```
New-LocalUser -Name #{username} -NoPassword
net user /add #{username}
New-LocalUser -Name "#{username}" -NoPassword
```
#### Cleanup Commands:
```
Remove-LocalUser -Name "#{username}"
```
<br/>
<br/>
@@ -131,12 +146,16 @@ Creates a new user in Linux and adds the user to the `root` group. This techniqu
| username | Username of the user to create | String | butter|
| password | Password of the user to create | String | BetterWithButter|
#### Run it with `bash`!
#### Run it with `bash`! Elevation Required (e.g. root or admin)
```
useradd -o -u 0 -g 0 -M -d /root -s /bin/bash #{username}
echo "#{password}" | passwd --stdin #{username}
```
#### Cleanup Commands:
```
userdel #{username}
```
<br/>
atomics/index.yaml
+27 -9
View File
@@ -1302,7 +1302,11 @@ persistence:
default: Evil Account
executor:
name: bash
command: 'useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
elevation_required: true
command: 'useradd -M -N -r -s /bin/bash -c evil_account #{username}
'
cleanup_command: 'userdel #{username}
'
- name: Create a user account on a MacOS system
@@ -1322,6 +1326,7 @@ persistence:
default: Evil Account
executor:
name: bash
elevation_required: true
command: |
dscl . -create /Users/#{username}
dscl . -create /Users/#{username} UserShell /bin/bash
@@ -1329,6 +1334,9 @@ persistence:
dscl . -create /Users/#{username} UniqueID "1010"
dscl . -create /Users/#{username} PrimaryGroupID 80
dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username}
cleanup_command: 'dscl . -delete /Users/#{username}
'
- name: Create a new user in a command prompt
description: 'Creates a new user in a command prompt
@@ -1339,11 +1347,14 @@ persistence:
username:
description: Username of the user to create
type: String
default: Evil Account
default: T1136_CMD
executor:
name: command_prompt
elevation_required: true
command: 'net user /add #{username}
command: 'net user /add "#{username}"
'
cleanup_command: 'net user /del "#{username}"
'
- name: Create a new user in PowerShell
@@ -1356,13 +1367,16 @@ persistence:
username:
description: Username of the user to create
type: String
default: Evil Account
default: T1136_PowerShell
executor:
name: powershell
elevation_required: true
command: |
New-LocalUser -Name #{username} -NoPassword
net user /add #{username}
command: 'New-LocalUser -Name "#{username}" -NoPassword
'
cleanup_command: 'Remove-LocalUser -Name "#{username}"
'
- name: Create a new user in Linux with `root` UID and GID.
description: 'Creates a new user in Linux and adds the user to the `root` group.
This technique was used by adversaries during the Butter attack campaign.
@@ -1381,9 +1395,13 @@ persistence:
default: BetterWithButter
executor:
name: bash
command: |-
elevation_required: true
command: |
useradd -o -u 0 -g 0 -M -d /root -s /bin/bash #{username}
echo "#{password}" | passwd --stdin #{username}
cleanup_command: 'userdel #{username}
'
T1038:
technique:
x_mitre_permissions_required:
@@ -17981,7 +17999,7 @@ discovery:
computer_name:
description: computer name to query
type: string
default: computer1
default: localhost
executor:
name: command_prompt
elevation_required: false