Generated docs from job=generate-docs branch=master [ci skip]

atomics/Indexes/Indexes-CSV/index.csv

@@ -22,6 +22,8 @@ defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modificat
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,7,chown - Change file or folder mode ownership only,967ba79d-f184-4e0e-8d09-6362b3162e99,bash
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,8,chown - Change file or folder ownership recursively,3b015515-b3d8-44e9-b8cd-6fa84faf30b2,bash
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,9,chattr - Remove immutable file attribute,e7469fe2-ad41-4382-8965-99b94dd3c13f,sh
+defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,10,Chmod through c script,973631cf-6680-4ffa-a053-045e1b6b67ab,sh
+defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,11,Chown through c script,18592ba1-5f88-4e3c-abc8-ab1c6042e389,sh
 defense-evasion,T1216.001,PubPrn,1,PubPrn.vbs Signed Script Bypass,9dd29a1f-1e16-4862-be83-913b10a88f6c,command_prompt
 defense-evasion,T1006,Direct Volume Access,1,Read volume boot sector via DOS device path (PowerShell),88f6327e-51ec-4bbf-b2e8-3fea534eab8b,powershell
 defense-evasion,T1014,Rootkit,1,Loadable Kernel Module based Rootkit,dfb50072-e45a-4c75-a17e-a484809c8553,sh

atomics/Indexes/Indexes-CSV/linux-index.csv

@@ -10,6 +10,8 @@ defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modificat
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,7,chown - Change file or folder mode ownership only,967ba79d-f184-4e0e-8d09-6362b3162e99,bash
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,8,chown - Change file or folder ownership recursively,3b015515-b3d8-44e9-b8cd-6fa84faf30b2,bash
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,9,chattr - Remove immutable file attribute,e7469fe2-ad41-4382-8965-99b94dd3c13f,sh
+defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,10,Chmod through c script,973631cf-6680-4ffa-a053-045e1b6b67ab,sh
+defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,11,Chown through c script,18592ba1-5f88-4e3c-abc8-ab1c6042e389,sh
 defense-evasion,T1014,Rootkit,1,Loadable Kernel Module based Rootkit,dfb50072-e45a-4c75-a17e-a484809c8553,sh
 defense-evasion,T1014,Rootkit,2,Loadable Kernel Module based Rootkit,75483ef8-f10f-444a-bf02-62eb0e48db6f,sh
 defense-evasion,T1548.003,Sudo and Sudo Caching,1,Sudo usage,150c3a08-ee6e-48a6-aeaf-3659d24ceb4e,sh

atomics/Indexes/Indexes-CSV/macos-index.csv

@@ -8,6 +8,8 @@ defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modificat
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,7,chown - Change file or folder mode ownership only,967ba79d-f184-4e0e-8d09-6362b3162e99,bash
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,8,chown - Change file or folder ownership recursively,3b015515-b3d8-44e9-b8cd-6fa84faf30b2,bash
 defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,9,chattr - Remove immutable file attribute,e7469fe2-ad41-4382-8965-99b94dd3c13f,sh
+defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,10,Chmod through c script,973631cf-6680-4ffa-a053-045e1b6b67ab,sh
+defense-evasion,T1222.002,Linux and Mac File and Directory Permissions Modification,11,Chown through c script,18592ba1-5f88-4e3c-abc8-ab1c6042e389,sh
 defense-evasion,T1548.003,Sudo and Sudo Caching,1,Sudo usage,150c3a08-ee6e-48a6-aeaf-3659d24ceb4e,sh
 defense-evasion,T1548.003,Sudo and Sudo Caching,2,Unlimited sudo cache timeout,a7b17659-dd5e-46f7-b7d1-e6792c91d0bc,sh
 defense-evasion,T1548.003,Sudo and Sudo Caching,3,Disable tty_tickets for sudo caching,91a60b03-fb75-4d24-a42e-2eb8956e8de1,sh

atomics/Indexes/Indexes-Markdown/index.md

@@ -32,6 +32,8 @@
   - Atomic Test #7: chown - Change file or folder mode ownership only [macos, linux]
   - Atomic Test #8: chown - Change file or folder ownership recursively [macos, linux]
   - Atomic Test #9: chattr - Remove immutable file attribute [macos, linux]
+  - Atomic Test #10: Chmod through c script [macos, linux]
+  - Atomic Test #11: Chown through c script [macos, linux]
 - [T1216.001 PubPrn](../../T1216.001/T1216.001.md)
   - Atomic Test #1: PubPrn.vbs Signed Script Bypass [windows]
 - T1574.007 Path Interception by PATH Environment Variable [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

atomics/Indexes/Indexes-Markdown/linux-index.md

@@ -16,6 +16,8 @@
   - Atomic Test #7: chown - Change file or folder mode ownership only [macos, linux]
   - Atomic Test #8: chown - Change file or folder ownership recursively [macos, linux]
   - Atomic Test #9: chattr - Remove immutable file attribute [macos, linux]
+  - Atomic Test #10: Chmod through c script [macos, linux]
+  - Atomic Test #11: Chown through c script [macos, linux]
 - T1564.008 Email Hiding Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1014 Rootkit](../../T1014/T1014.md)
   - Atomic Test #1: Loadable Kernel Module based Rootkit [linux]

atomics/Indexes/Indexes-Markdown/macos-index.md

@@ -15,6 +15,8 @@
   - Atomic Test #7: chown - Change file or folder mode ownership only [macos, linux]
   - Atomic Test #8: chown - Change file or folder ownership recursively [macos, linux]
   - Atomic Test #9: chattr - Remove immutable file attribute [macos, linux]
+  - Atomic Test #10: Chmod through c script [macos, linux]
+  - Atomic Test #11: Chown through c script [macos, linux]
 - T1564.008 Email Hiding Rules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1014 Rootkit [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1099 Timestomp [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

atomics/Indexes/index.yaml

@@ -1198,6 +1198,71 @@ defense-evasion:
 
           '
         name: sh
+    - name: Chmod through c script
+      auto_generated_guid: 973631cf-6680-4ffa-a053-045e1b6b67ab
+      description: 'chmods a file using a c script
+
+        '
+      supported_platforms:
+      - macos
+      - linux
+      input_arguments:
+        source_file:
+          description: Path of c source file
+          type: Path
+          default: PathToAtomicsFolder/T1222.002/src/T1222.002.c
+        compiled_file:
+          description: Path of compiled file
+          type: Path
+          default: "/tmp/T1222002"
+      dependency_executor_name: sh
+      dependencies:
+      - description: 'Compile the script from (#{source_file}). Destination is #{compiled_file}
+
+          '
+        prereq_command: 'gcc #{source_file} -o #{compiled_file}
+
+          '
+        get_prereq_command: 'gcc #{source_file} -o #{compiled_file}
+
+          '
+      executor:
+        command: "#{compiled_file} /tmp/ T1222002\n"
+        name: sh
+    - name: Chown through c script
+      auto_generated_guid: 18592ba1-5f88-4e3c-abc8-ab1c6042e389
+      description: 'chowns a file to root using a c script
+
+        '
+      supported_platforms:
+      - macos
+      - linux
+      input_arguments:
+        source_file:
+          description: Path of c source file
+          type: Path
+          default: PathToAtomicsFolder/T1222.002/src/chown.c
+        compiled_file:
+          description: Path of compiled file
+          type: Path
+          default: "/tmp/T1222002own"
+      dependency_executor_name: sh
+      dependencies:
+      - description: 'Compile the script from (#{source_file}). Destination is #{compiled_file}
+
+          '
+        prereq_command: 'gcc #{source_file} -o #{compiled_file}
+
+          '
+        get_prereq_command: 'gcc #{source_file} -o #{compiled_file}
+
+          '
+      executor:
+        command: 'sudo #{compiled_file} #{source_file}
+
+          '
+        name: sh
+        elevation_required: true
   T1216.001:
     technique:
       x_mitre_platforms:

atomics/T1222.002/T1222.002.md

@@ -26,6 +26,10 @@ Adversarial may use these commands to make themselves the owner of files and dir
 
 - [Atomic Test #9 - chattr - Remove immutable file attribute](#atomic-test-9---chattr---remove-immutable-file-attribute)
 
+- [Atomic Test #10 - Chmod through c script](#atomic-test-10---chmod-through-c-script)
+
+- [Atomic Test #11 - Chown through c script](#atomic-test-11---chown-through-c-script)
+
 
 <br/>
 
@@ -334,4 +338,96 @@ chattr -i #{file_to_modify}
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #10 - Chmod through c script
+chmods a file using a c script
+
+**Supported Platforms:** macOS, Linux
+
+
+**auto_generated_guid:** 973631cf-6680-4ffa-a053-045e1b6b67ab
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| source_file | Path of c source file | Path | PathToAtomicsFolder/T1222.002/src/T1222.002.c|
+| compiled_file | Path of compiled file | Path | /tmp/T1222002|
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+#{compiled_file} /tmp/ T1222002
+```
+
+
+
+
+#### Dependencies:  Run with `sh`!
+##### Description: Compile the script from (#{source_file}). Destination is #{compiled_file}
+##### Check Prereq Commands:
+```sh
+gcc #{source_file} -o #{compiled_file}
+```
+##### Get Prereq Commands:
+```sh
+gcc #{source_file} -o #{compiled_file}
+```
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #11 - Chown through c script
+chowns a file to root using a c script
+
+**Supported Platforms:** macOS, Linux
+
+
+**auto_generated_guid:** 18592ba1-5f88-4e3c-abc8-ab1c6042e389
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| source_file | Path of c source file | Path | PathToAtomicsFolder/T1222.002/src/chown.c|
+| compiled_file | Path of compiled file | Path | /tmp/T1222002own|
+
+
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
+
+
+```sh
+sudo #{compiled_file} #{source_file}
+```
+
+
+
+
+#### Dependencies:  Run with `sh`!
+##### Description: Compile the script from (#{source_file}). Destination is #{compiled_file}
+##### Check Prereq Commands:
+```sh
+gcc #{source_file} -o #{compiled_file}
+```
+##### Get Prereq Commands:
+```sh
+gcc #{source_file} -o #{compiled_file}
+```
+
+
+
+
 <br/>