security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-06-23 04:02:16 +00:00
parent bae573c815
commit 436a980bd2
2 changed files with 37 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+20 -10
View File
@@ -81847,20 +81847,30 @@ discovery:
atomic_tests:
- name: File and Directory Discovery (cmd.exe)
auto_generated_guid: 0e36303b-6762-4500-b003-127743b80ba6
description: |
Find or discover files on the file system. Upon execution, the file "download" will be placed in the temporary folder and contain the output of
all of the data discovery commands.
description: 'Find or discover files on the file system. Upon successful execution,
this test will output the results of all the data discovery commands to a
specified file.
'
supported_platforms:
- windows
input_arguments:
output_file:
description: File to output results to
type: String
default: "%temp%\\T1083Test1.txt"
executor:
command: |
dir /s c:\ >> %temp%\download
dir /s "c:\Documents and Settings" >> %temp%\download
dir /s "c:\Program Files\" >> %temp%\download
dir "%systemdrive%\Users\*.*" >> %temp%\download
dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download
dir "%userprofile%\Desktop\*.*" >> %temp%\download
tree /F >> %temp%\download
dir /s c:\ >> #{output_file}
dir /s "c:\Documents and Settings" >> #{output_file}
dir /s "c:\Program Files\" >> #{output_file}
dir "%systemdrive%\Users\*.*" >> #{output_file}
dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> #{output_file}
dir "%userprofile%\Desktop\*.*" >> #{output_file}
tree /F >> #{output_file}
cleanup_command: 'del #{output_file}
'
name: command_prompt
- name: File and Directory Discovery (PowerShell)
auto_generated_guid: 2158908e-b7ef-4c21-8a83-3ce4dd05a924
atomics/T1083/T1083.md
+17 -9
View File
@@ -20,8 +20,7 @@ Many command shell utilities can be used to obtain this information. Examples in
<br/>
## Atomic Test #1 - File and Directory Discovery (cmd.exe)
Find or discover files on the file system. Upon execution, the file "download" will be placed in the temporary folder and contain the output of
all of the data discovery commands.
Find or discover files on the file system. Upon successful execution, this test will output the results of all the data discovery commands to a specified file.
**Supported Platforms:** Windows
@@ -32,20 +31,29 @@ all of the data discovery commands.
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| output_file | File to output results to | String | %temp%&#92;T1083Test1.txt|
#### Attack Commands: Run with `command_prompt`!
```cmd
dir /s c:\ >> %temp%\download
dir /s "c:\Documents and Settings" >> %temp%\download
dir /s "c:\Program Files\" >> %temp%\download
dir "%systemdrive%\Users\*.*" >> %temp%\download
dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download
dir "%userprofile%\Desktop\*.*" >> %temp%\download
tree /F >> %temp%\download
dir /s c:\ >> #{output_file}
dir /s "c:\Documents and Settings" >> #{output_file}
dir /s "c:\Program Files\" >> #{output_file}
dir "%systemdrive%\Users\*.*" >> #{output_file}
dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> #{output_file}
dir "%userprofile%\Desktop\*.*" >> #{output_file}
tree /F >> #{output_file}
```
#### Cleanup Commands:
```cmd
del #{output_file}
```