Co-authored-by: Toua Lor <tlor@nti.local>
tlor89
2020-11-27 14:55:37 -06:00
committed by GitHub
parent 83b21a9487
commit 164da2cfa0
2 changed files with 157 additions and 0 deletions
+47
@@ -0,0 +1,47 @@
---
attack_technique: T1133
display_name: External Remote Services
atomic_tests:
- name: Running Chrome VPN Extensions via the Registry 2 vpn extension
description: |
Running Chrome VPN Extensions via the Registry install 2 vpn extension, please see "T1133\src\list of vpn extension.txt" to view complete list
supported_platforms:
- windows
input_arguments:
chrome_url:
description: chrome installer download URL
type: url
default: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BFD62DDBC-14C6-20BD-706F-C7744738E422%7D%26lang%3Den%26browser%3D3%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dprefers%26ap%3Dx64-stable-statsdef_1%26installdataindex%3Dempty/chrome/install/ChromeStandaloneSetup64.exe
extension_id:
description: chrome extension id
type: String
default: |
"fcfhplploccackoneaefokcmbjfbkenj", "fdcgdnkidjaadafnichfpabhfomcebme"
dependency_executor_name: powershell # (optional) The executor for the prereq commands, defaults to the same executor used by the attack commands
dependencies: # (optional)
- description: |
chrome must be installed
prereq_command: 'if (cmd /c "chrome 2>nul") {exit 0} else {exit 1}'
get_prereq_command: | # commands to meet this prerequisite or a message describing how to meet this prereq
Invoke-WebRequest -OutFile $env:temp\ChromeStandaloneSetup64.exe #{chrome_url}
Start-Process $env:temp\ChromeStandaloneSetup64.exe /S
executor:
name: powershell
elevation_required: true
command: | # these are the actaul attack commands, at least one command must be provided
$extList = #{extension_id}
foreach ($extension in $extList) {
New-Item -Path HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension -Force
New-ItemProperty -Path "HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension" -Name "update_url" -Value "https://clients2.google.com/service/update2/crx" -PropertyType "String" -Force}
Start-Process -FilePath "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
Start-Sleep -Seconds 30
Stop-Process -Name "chrome"
cleanup_command: | # you can remove the cleanup_command section if there are no cleanup commands
$extList = #{extension_id}
foreach ($extension in $extList) {
Remove-Item -Path "HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension" -ErrorAction Ignore}
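Review bot: The `get_prereq_command` launches the downloaded installer without checking what was downloaded; `chrome_url` is a caller-supplied argument and the test sets `elevation_required: true`, so whatever that URL serves may run with administrative rights on the test host. An Authenticode check before launch would close that, e.g. `if ((Get-AuthenticodeSignature "$env:temp\ChromeStandaloneSetup64.exe").Status -ne 'Valid') { exit 1 }`, ideally also comparing the signer subject, and `Start-Process` should carry `-Wait` so the prerequisite does not report before the install finishes. The `prereq_command` also looks unreliable, since `cmd /c "chrome 2>nul"` is only truthy if chrome is on PATH and writes to stdout; testing the path the command actually launches, `Test-Path "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"`, would be more dependable. In the attack command, `Stop-Process -Name "chrome"` ends every Chrome process on the host rather than only the one the test started, which deserves a comment for operators running this on a shared machine.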
+110
@@ -0,0 +1,110 @@
ZenMate VPN - fdcgdnkidjaadafnichfpabhfomcebme
1clickVPN - fcfhplploccackoneaefokcmbjfbkenj
Touch VPN - bihmplhobchoageeokmgbdihknkjbknd
Hola Free VPN - gkojfkhlekighikafcpjkiklfbnlmeio
Astar VPN - jajilbjjinjmgcibalaakngmkilboobh
VPN Free - gjknjjomckknofjidppipffbpoekiipm
Earth VPN - nabbmpekekjknlbkgpodfndbodhijjem
DotVPN - kpiecbcckbofpmkkkdibbllpinceiihk
Hotspot Shield Free VPN - nlbejmccbhkncgokjcmghpfloaajcffj
Browsec VPN - omghfjlpggmjjaagoclmmobgdodcjboh
VPN-free.pro - bibjcjfmgapbfoljiojpipaooddpkpai
VPN Unlimited Free - mpcaainmfjjigeicjnlkdfajbioopjko
PP VPN - jljopmgdobloagejpohpldgkiellmfnc
IP Unblock - lochiccbgeohimldjooaakjllnafhaid
Surf VPN - nhnfcgpcbfclhfafjlooihdfghaeinfc
iNinja VPN - ookhnhpkphagefgdiemllfajmkdkcaim
Daily VPN - namfblliamklmeodpcelkokjbffgmeoo
Hoxx VPN Proxy - nbcojefnccbanplpoffopkoepjmhgdgh
Free VPN - majdfhpaihoncoakbjgbdhglocklcgno
VPN PROXY MASTER - lnfdmdhmfbimhhpaeocncdlhiodoblbd
Urban Free VPN - eppiocemhmnlbhjplcgkofciiegomcon
SaferVPN Proxy - cocfojppfigjeefejbpfmedgjbpchcng
VPN Professional - foiopecknacmiihiocgdjgbjokkpkohc
AdGuard VPN - hhdobjgopfphlmjbmnpglhfcgppchgje
Free VPN - jgbaghohigdbgbolncodkdlpenhcmcge
Free One Touch VPN - inligpkjkhbpifecbdjhmdpcfhnlelja
Unlimited VPN & Proxy by ibVPN - higioemojdadgdbhbbbkfbebbdlfjbip
RusVPN - hipncndjamdcmphkgngojegjblibadbe
Azino VPN - iolonopooapdagdemdoaihahlfkncfgg
Pron VPN - nhfjkakglbnnpkpldhjmpmmfefifedcj
Free Residential VPN - jpgljfpmoofbmlieejglhonfofmahini
ExpressVPN - fgddmllnllkalaagkghckoinaemmogpe
Hotspot Shield Elite VPN Proxy - ejkaocphofnobjdedneohbbiilggdlbi
Hide My IP VPN - keodbianoliadkoelloecbhllnpiocoi
Tunnello VPN - hoapmlpnmpaehilehggglehfdlnoegck
HMA VPN Proxy Unblocker - poeojclicodamonabcabmapamjkkmnnk
Free Avira Phantom VPN - dfkdflfgjdajbhocmfjolpjbebdkcjog
Hola VPN - kcdahmgmaagjhocpipbodaokikjkampi
Free VPN for Chrome - klnkiajpmpkkkgpgbogmcgfjhdoljacg
Hub VPN - lneaocagcijjdpkcabeanfpdbmapcjjg
Free Proxy VPN - pgfpignfckbloagkfnamnolkeaecfgfh
Private Internet Access - jplnlifepflhkbkgonidnobkakhmpnmh
Turbo VPN for PC - jliodmnojccaloajphkingdnpljdhdok
Windscribe - hnmpcagpplmpfojmgmnngilcnanddlhb
CyberGhost VPN - ffbkglfijbcbgblgflchnbphjdllaogb
VPN.AC - kcndmbbelllkmioekdagahekgimemejo
Browser VPN - jdgilggpfmjpbodmhndmhojklgfdlhob
DEEPRISM VPN - bihhflimonbpcfagfadcnbbdngpopnjb
My Browser Vpn - ppajinakbfocjfnijggfndbdmjggcmde
SetupVPN - oofgbpoabipfcfjapgnbbjjaenockbdp
Wachee VPN - bhnhkdgoefpmekcgnccpnhjfdgicfebm
Thunder Proxy - knmmpciebaoojcpjjoeonlcjacjopcpf
Free Proxy VPN - dhadilbmmjiooceioladdphemaliiobo
FastestVPN Proxy - jedieiamjmoflcknjdjhpieklepfglin
WorkingVPN - mhngpdlhojliikfknhfaglpnddniijfh
TunnelBear VPN - omdakjcmkglenbhjadbccaookpfjihpa
BelkaVPN - npgimkapccfidfkfoklhpkgmhgfejhbj
VPN Master - akeehkgglkmpapdnanoochpfmeghfdln
Unblock Websites - gbmdmipapolaohpinhblmcnpmmlgfgje
Lethean Proxy VPN - aigmfoeogfnljhnofglledbhhfegannp
Whoer VPN - cgojmfochfikphincbhokimmmjenhhgk
Best VPN USA - ficajfeojakddincjafebjmfiefcmanc
FREE VPN DEWELOPMENT - ifnaibldjfdmaipaddffmgcmekjhiloa
apkfold free vpn - jbnmpdkcfkochpanomnkhnafobppmccn
Soul VPN - apcfdffemoinopelidncddjbhkiblecc
DotVPN - mjolnodfokkkaichkcjipfgblbfgojpa
rderzh VPN Proxy - oifjbnnafapeiknapihcmpeodaeblbkn
Red Panda VPN - plpmggfglncceinmilojdkiijhmajkjh
Ultrareach VPN - mjnbclmflcpookeapghfhapeffmpodij
FastStunnel VPN - bblcccknbdbplgmdjnnikffefhdlobhp
VirtualShield VPN - aojlhgbkmkahabcmcpifbolnoichfeep
Adblock Office VPN Proxy Server - lcmammnjlbmlbcaniggmlejfjpjagiia
Guru VPN & Proxy - knajdeaocbpmfghhmijicidfcmdgbdpm
Malus VPN - bdlcnpceagnkjnjlbbbcepohejbheilk
Muscle VPN - edknjdjielmpdlnllkdmaghlbpnmjmgb
Push VPN - eidnihaadmmancegllknfbliaijfmkgo
Gom VPN - ckiahbcmlmkpfiijecbpflfahoimklke
Free Fast VPN - macdlemfnignjhclfcfichcdhiomgjjb
BullVPN - chioafkonnhbpajpengbalkececleldf
HideAll VPN - amnoibeflfphhplmckdbiajkjaoomgnj
ProxyFlow - llbhddikeonkpbhpncnhialfbpnilcnc
Cloud VPN - pcienlhnoficegnepejpfiklggkioccm
sVPN - iocnglnmfkgfedpcemdflhkchokkfeii
Social VPN - igahhbkcppaollcjeaaoapkijbnphfhb
Trellonet Trellonet - njpmifchgidinihmijhcfpbdmglecdlb
WindmillVPN - ggackgngljinccllcmbgnpgpllcjepgc
IPBurger Proxy & VPN - kchocjcihdgkoplngjemhpplmmloanja
Veee - bnijmipndnicefcdbhgcjoognndbgkep
Anonymous Proxy Vpn Browser - lklekjodgannjcccdlbicoamibgbdnmi
Hideman VPN - dbdbnchagbkhknegmhgikkleoogjcfge
Fornex VPN - egblhcjfjmbjajhjhpmnlekffgaemgfh
WeVPN - ehbhfpfdkmhcpaehaooegfdflljcnfec
VPNMatic - bkkgdjpomdnfemhhkalfkogckjdkcjkg
Urban Shield - almalgbpmcfpdaopimbdchdliminoign
Prime VPN - akkbkhnikoeojlhiiomohpdnkhbkhieh
westwind - gbfgfbopcfokdpkdigfmoeaajfmpkbnh
Upnet - bniikohfmajhdcffljgfeiklcbgffppl
uVPN - lejgfmmlngaigdmmikblappdafcmkndb
Nucleus VPN - ffhhkmlgedgcliajaedapkdfigdobcif
Touch VPN - bihmplhobchoageeokmgbdihknkjbknd
FoxyProxy Standard - gcknhkkoolaabfmlnjonogaaifnjlfnp
GeoProxy - pooljnboifbodgifngpppfklhifechoe
NordVPN - fjoaledfpmneenckfbpdfhkmimnjocfa
ProxFlow - aakchaleigkohafkfjfjbblobjifikek
Proxy SwitchySharp - dpplabbmogkhghncfbfdeeokoefdjegm
Proxy SwitchyOmega - padekgcemlokbadohgkifijomclgjgif
PureVPN - bfidboloedlamgdmenmlbipfnccokknp
RusVPN - hipncndjamdcmphkgngojegjblibadbe
SaferVPN - cocfojppfigjeefejbpfmedgjbpchcng
TunnelBear VPN - omdakjcmkglenbhjadbccaookpfjihpa
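Review bot: The list contains repeated entries, which matters if it is consumed as a watchlist for extension-install detections: Touch VPN, RusVPN and TunnelBear VPN each appear twice with the same ID, and `cocfojppfigjeefejbpfmedgjbpchcng` is listed under both "SaferVPN Proxy" and "SaferVPN". Deduplicating by ID would keep match counts honest. The display names are not unique either (the two "Free VPN", "DotVPN" and "Free Proxy VPN" entries carry different IDs), so consumers should key on the ID. A header line stating the collection date and source would help, because extension IDs are point-in-time and entries can be delisted or republished.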