Generate docs from job=validate_atomics_generate_docs branch=master

CircleCI Atomic Red Team doc generator
2019-09-21 15:21:30 +00:00
parent d492b8ce4c
commit 3bc4bf9dd2
6 changed files with 55 additions and 21 deletions
+27 -8
@@ -6,18 +6,20 @@ It is possible to extract passwords from backups or saved virtual machines throu
## Atomic Tests
- [Atomic Test #1 - Browser and System credentials](#atomic-test-1---browser-and-system-credentials)
- [Atomic Test #1 - Extract Browser and System credentials with LaZagne](#atomic-test-1---extract-browser-and-system-credentials-with-lazagne)
- [Atomic Test #2 - Extract credentials from files](#atomic-test-2---extract-credentials-from-files)
- [Atomic Test #2 - Extract passwords with grep](#atomic-test-2---extract-passwords-with-grep)
- [Atomic Test #3 - Mimikatz & Kittenz](#atomic-test-3---mimikatz--kittenz)
- [Atomic Test #3 - Runs Mimikatz & Mimikittenz by name](#atomic-test-3---runs-mimikatz--mimikittenz-by-name)
- [Atomic Test #4 - Extracting credentials from files](#atomic-test-4---extracting-credentials-from-files)
- [Atomic Test #4 - Extracting passwords with findstr](#atomic-test-4---extracting-passwords-with-findstr)
- [Atomic Test #5 - Access "unattend.xml"](#atomic-test-5---access-unattendxml)
<br/>
## Atomic Test #1 - Browser and System credentials
## Atomic Test #1 - Extract Browser and System credentials with LaZagne
[LaZagne Source](https://github.com/AlessandroZ/LaZagne)
**Supported Platforms:** macOS
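Review bot: The renamed titles in the test list mix verb forms: "Extract Browser and System credentials with LaZagne" and "Extract passwords with grep" are imperative, "Runs Mimikatz & Mimikittenz by name" is third person, and "Extracting passwords with findstr" is a gerund. Pick one form in the source YAML (imperative matches the majority) so the regenerated indexes read consistently. The renames also change the heading slugs, for example `#atomic-test-1---browser-and-system-credentials` becomes `#atomic-test-1---extract-browser-and-system-credentials-with-lazagne`, so any existing deep link to the old anchors stops resolving.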
@@ -33,7 +35,7 @@ python2 laZagne.py all
<br/>
<br/>
## Atomic Test #2 - Extract credentials from files
## Atomic Test #2 - Extract passwords with grep
Extracting credentials from files
**Supported Platforms:** macOS, Linux
@@ -54,7 +56,7 @@ grep -ri password #{file_path}
<br/>
<br/>
## Atomic Test #3 - Mimikatz & Kittenz
## Atomic Test #3 - Runs Mimikatz & Mimikittenz by name
Mimikatz/kittenz - This will require a Mimikatz executable or invoke-mimikittenz ps module.
**Supported Platforms:** Windows
@@ -71,7 +73,7 @@ mimikatz.exe
<br/>
<br/>
## Atomic Test #4 - Extracting credentials from files
## Atomic Test #4 - Extracting passwords with findstr
Extracting Credentials from Files
**Supported Platforms:** Windows
@@ -85,4 +87,21 @@ ls -R | select-string -Pattern password
<br/>
<br/>
## Atomic Test #5 - Access "unattend.xml"
Attempts to access unattend.xml, where credentials are commonly stored, within the Panther directory where installation logs are stored.
**Supported Platforms:** Windows
#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
```
cmd /c type C:\Windows\Panther\unattend.xml > nul 2>&1
cmd /c type C:\Windows\Panther\Unattend\unattend.xml > nul 2>&1
```
<br/>
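Review bot: Both commands in Atomic Test #5 end in `> nul 2>&1`, so a run prints nothing whether or not `unattend.xml` exists at either path, and a host without the file looks the same as one where the read succeeded. The description should say what the operator is expected to observe instead (the file-read attempt on the two Panther paths) so a defender running the test knows what their telemetry has to show, and it should note that the test is a no-op on hosts where neither file is present.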
+5 -4
@@ -529,10 +529,11 @@
- Atomic Test #11: GPP Passwords (findstr) [windows]
- Atomic Test #12: GPP Passwords (Get-GPPPassword) [windows]
- [T1081 Credentials in Files](./T1081/T1081.md)
- Atomic Test #1: Browser and System credentials [macos]
- Atomic Test #2: Extract credentials from files [macos, linux]
- Atomic Test #3: Mimikatz & Kittenz [windows]
- Atomic Test #4: Extracting credentials from files [windows]
- Atomic Test #1: Extract Browser and System credentials with LaZagne [macos]
- Atomic Test #2: Extract passwords with grep [macos, linux]
- Atomic Test #3: Runs Mimikatz & Mimikittenz by name [windows]
- Atomic Test #4: Extracting passwords with findstr [windows]
- Atomic Test #5: Access "unattend.xml" [windows]
- [T1214 Credentials in Registry](./T1214/T1214.md)
- Atomic Test #1: Enumeration for Credentials in Registry [windows]
- T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
+17 -4
@@ -15484,7 +15484,7 @@ credential-access:
- SYSTEM
identifier: T1081
atomic_tests:
- name: Browser and System credentials
- name: Extract Browser and System credentials with LaZagne
description: "[LaZagne Source](https://github.com/AlessandroZ/LaZagne)\n"
supported_platforms:
- macos
@@ -15493,7 +15493,7 @@ credential-access:
command: 'python2 laZagne.py all
'
- name: Extract credentials from files
- name: Extract passwords with grep
description: 'Extracting credentials from files
'
@@ -15510,7 +15510,7 @@ credential-access:
command: 'grep -ri password #{file_path}
'
- name: Mimikatz & Kittenz
- name: Runs Mimikatz & Mimikittenz by name
description: 'Mimikatz/kittenz - This will require a Mimikatz executable or
invoke-mimikittenz ps module.
@@ -15523,7 +15523,7 @@ credential-access:
command: |
invoke-mimikittenz
mimikatz.exe
- name: Extracting credentials from files
- name: Extracting passwords with findstr
description: 'Extracting Credentials from Files
'
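Review bot: The command block under the renamed "Runs Mimikatz & Mimikittenz by name" test calls `invoke-mimikittenz` and `mimikatz.exe` by bare name, one after the other, while the description says the test needs a Mimikatz executable or the invoke-mimikittenz module. As written the test depends on both being resolvable from the working directory or path, and the first missing one produces an error. If running by name is the point of the test, say so in the description and state the prerequisite; otherwise take the location as an input argument in the same way `#{file_path}` is used in the grep test.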
@@ -15535,6 +15535,19 @@ credential-access:
command: |
findstr /si pass *.xml | *.doc | *.txt | *.xls
ls -R | select-string -Pattern password
- name: Access "unattend.xml"
description: 'Attempts to access unattend.xml, where credentials are commonly
stored, within the Panther directory where installation logs are stored.
'
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: |
cmd /c type C:\Windows\Panther\unattend.xml > nul 2>&1
cmd /c type C:\Windows\Panther\Unattend\unattend.xml > nul 2>&1
T1214:
technique:
external_references:
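Review bot: In the added "Access "unattend.xml"" test the executor is already `name: command_prompt`, so the `cmd /c` prefix on both `type` lines starts a second cmd.exe for each command. If that child process is wanted for process-creation telemetry, the description should say so; otherwise drop the prefix. Separately, the context line `findstr /si pass *.xml | *.doc | *.txt | *.xls` in the test just renamed to "Extracting passwords with findstr" pipes findstr's output into `*.doc` rather than searching those files (findstr takes several file patterns separated by spaces), and the line after it uses `select-string`, not findstr, so the new title does not match what the test runs.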
+1 -1
@@ -129,7 +129,7 @@
- [T1110 Brute Force](./T1110/T1110.md)
- [T1003 Credential Dumping](./T1003/T1003.md)
- [T1081 Credentials in Files](./T1081/T1081.md)
- Atomic Test #2: Extract credentials from files [macos, linux]
- Atomic Test #2: Extract passwords with grep [macos, linux]
- T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1056 Input Capture](./T1056/T1056.md)
- [T1040 Network Sniffing](./T1040/T1040.md)
+2 -2
@@ -183,8 +183,8 @@
- [T1110 Brute Force](./T1110/T1110.md)
- [T1003 Credential Dumping](./T1003/T1003.md)
- [T1081 Credentials in Files](./T1081/T1081.md)
- Atomic Test #1: Browser and System credentials [macos]
- Atomic Test #2: Extract credentials from files [macos, linux]
- Atomic Test #1: Extract Browser and System credentials with LaZagne [macos]
- Atomic Test #2: Extract passwords with grep [macos, linux]
- T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
- [T1056 Input Capture](./T1056/T1056.md)
- [T1141 Input Prompt](./T1141/T1141.md)
+3 -2
@@ -362,8 +362,9 @@
- Atomic Test #11: GPP Passwords (findstr) [windows]
- Atomic Test #12: GPP Passwords (Get-GPPPassword) [windows]
- [T1081 Credentials in Files](./T1081/T1081.md)
- Atomic Test #3: Mimikatz & Kittenz [windows]
- Atomic Test #4: Extracting credentials from files [windows]
- Atomic Test #3: Runs Mimikatz & Mimikittenz by name [windows]
- Atomic Test #4: Extracting passwords with findstr [windows]
- Atomic Test #5: Access "unattend.xml" [windows]
- [T1214 Credentials in Registry](./T1214/T1214.md)
- Atomic Test #1: Enumeration for Credentials in Registry [windows]
- T1212 Exploitation for Credential Access [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)