security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2024-10-12 03:08:29 +00:00
parent 008daaf6f4
commit 68270b4bbb
3 changed files with 38 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+14 -21
View File
@@ -114695,7 +114695,7 @@ impact:
- name: Encrypt files using ccrypt (FreeBSD/Linux)
auto_generated_guid: '08cbf59f-85da-4369-a5f4-049cffd7709f'
description: 'Attempts to encrypt data on target systems as root to simulate
an inturruption authentication to target system. If root permissions are not
an interruption authentication to target system. If root permissions are not
available then attempts to encrypt data within user''s home directory.
'
@@ -114703,47 +114703,39 @@ impact:
- linux
input_arguments:
cped_file_path:
description: path where you want your copied file to be
description: Path where you want your copied file to be
type: path
default: "/tmp/passwd"
root_input_file_path:
description: path to the file that you want to be encrypted if you are root
user
description: Path the target file to be encrypted. File will be copied to
/tmp/ before encrypting
type: path
default: "/etc/passwd"
user_input_file_path:
description: path to file that you want to be encrypted if you are normal
user
type: path
default: "~/.bash_history"
impact_command:
description: command to show impact of encryption
pwd_for_encrypted_file:
description: Password to use for encryption
type: string
default: sudo su
default: passwd
dependency_executor_name: sh
dependencies:
- description: 'Finds where ccencrypt and ccdecrypt is located and copies input
file
- description: 'Finds where ccencrypt and ccdecrypt are located
'
prereq_command: |
which_ccencrypt=`which ccencrypt`
which_ccdecrypt=`which ccdecrypt`
if [ $USER == "root" ]; then cp #{root_input_file_path} #{cped_file_path}; else cp #{user_input_file_path} #{cped_file_path}; fi
get_prereq_command: "(which pkg && pkg install -y ccript)||(which yum && yum
-y install epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive
apt-get install -y ccrypt)\n"
executor:
name: sh
elevation_required: false
command: 'if [ $USER == "root" ]; then $which_ccencrypt #{root_input_file_path};
file #{root_input_file_path}.cpt; #{impact_command}; else $which_ccencrypt
#{user_input_file_path}; file #{user_input_file_path}.cpt; #{impact_command};
fi
command: |
which_ccencrypt=`which ccencrypt`
cp #{root_input_file_path} #{cped_file_path};
$which_ccencrypt -T -K #{pwd_for_encrypted_file} #{cped_file_path}
cleanup_command: 'rm #{cped_file_path}.cpt
'
cleanup_command: "if [ $USER == \"root\" ]; then mv #{cped_file_path} #{root_input_file_path};
else cp #{cped_file_path} #{user_input_file_path}; fi \n"
- name: Encrypt files using openssl (FreeBSD/Linux)
auto_generated_guid: 142752dc-ca71-443b-9359-cf6f497315f1
description: 'Uses openssl to encrypt a file
@@ -114785,6 +114777,7 @@ impact:
name: sh
elevation_required: false
command: |
which_openssl=`which openssl`
$which_openssl genrsa -out #{private_key_path} #{encryption_bit_size}
$which_openssl rsa -in #{private_key_path} -pubout -out #{public_key_path}
$which_openssl rsautl -encrypt -inkey #{public_key_path} -pubin -in #{input_file_path} -out #{encrypted_file_path}
atomics/Indexes/linux-index.yaml
+14 -21
View File
@@ -69719,7 +69719,7 @@ impact:
- name: Encrypt files using ccrypt (FreeBSD/Linux)
auto_generated_guid: '08cbf59f-85da-4369-a5f4-049cffd7709f'
description: 'Attempts to encrypt data on target systems as root to simulate
an inturruption authentication to target system. If root permissions are not
an interruption authentication to target system. If root permissions are not
available then attempts to encrypt data within user''s home directory.
'
@@ -69727,47 +69727,39 @@ impact:
- linux
input_arguments:
cped_file_path:
description: path where you want your copied file to be
description: Path where you want your copied file to be
type: path
default: "/tmp/passwd"
root_input_file_path:
description: path to the file that you want to be encrypted if you are root
user
description: Path the target file to be encrypted. File will be copied to
/tmp/ before encrypting
type: path
default: "/etc/passwd"
user_input_file_path:
description: path to file that you want to be encrypted if you are normal
user
type: path
default: "~/.bash_history"
impact_command:
description: command to show impact of encryption
pwd_for_encrypted_file:
description: Password to use for encryption
type: string
default: sudo su
default: passwd
dependency_executor_name: sh
dependencies:
- description: 'Finds where ccencrypt and ccdecrypt is located and copies input
file
- description: 'Finds where ccencrypt and ccdecrypt are located
'
prereq_command: |
which_ccencrypt=`which ccencrypt`
which_ccdecrypt=`which ccdecrypt`
if [ $USER == "root" ]; then cp #{root_input_file_path} #{cped_file_path}; else cp #{user_input_file_path} #{cped_file_path}; fi
get_prereq_command: "(which pkg && pkg install -y ccript)||(which yum && yum
-y install epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive
apt-get install -y ccrypt)\n"
executor:
name: sh
elevation_required: false
command: 'if [ $USER == "root" ]; then $which_ccencrypt #{root_input_file_path};
file #{root_input_file_path}.cpt; #{impact_command}; else $which_ccencrypt
#{user_input_file_path}; file #{user_input_file_path}.cpt; #{impact_command};
fi
command: |
which_ccencrypt=`which ccencrypt`
cp #{root_input_file_path} #{cped_file_path};
$which_ccencrypt -T -K #{pwd_for_encrypted_file} #{cped_file_path}
cleanup_command: 'rm #{cped_file_path}.cpt
'
cleanup_command: "if [ $USER == \"root\" ]; then mv #{cped_file_path} #{root_input_file_path};
else cp #{cped_file_path} #{user_input_file_path}; fi \n"
- name: Encrypt files using openssl (FreeBSD/Linux)
auto_generated_guid: 142752dc-ca71-443b-9359-cf6f497315f1
description: 'Uses openssl to encrypt a file
@@ -69809,6 +69801,7 @@ impact:
name: sh
elevation_required: false
command: |
which_openssl=`which openssl`
$which_openssl genrsa -out #{private_key_path} #{encryption_bit_size}
$which_openssl rsa -in #{private_key_path} -pubout -out #{public_key_path}
$which_openssl rsautl -encrypt -inkey #{public_key_path} -pubin -in #{input_file_path} -out #{encrypted_file_path}
atomics/T1486/T1486.md
+10 -9
View File
@@ -138,7 +138,7 @@ which_7z=`which 7z`
<br/>
## Atomic Test #3 - Encrypt files using ccrypt (FreeBSD/Linux)
Attempts to encrypt data on target systems as root to simulate an inturruption authentication to target system. If root permissions are not available then attempts to encrypt data within user's home directory.
Attempts to encrypt data on target systems as root to simulate an interruption authentication to target system. If root permissions are not available then attempts to encrypt data within user's home directory.
**Supported Platforms:** Linux
@@ -152,33 +152,33 @@ Attempts to encrypt data on target systems as root to simulate an inturruption a
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| cped_file_path | path where you want your copied file to be | path | /tmp/passwd|
| root_input_file_path | path to the file that you want to be encrypted if you are root user | path | /etc/passwd|
| user_input_file_path | path to file that you want to be encrypted if you are normal user | path | ~/.bash_history|
| impact_command | command to show impact of encryption | string | sudo su|
| cped_file_path | Path where you want your copied file to be | path | /tmp/passwd|
| root_input_file_path | Path the target file to be encrypted. File will be copied to /tmp/ before encrypting | path | /etc/passwd|
| pwd_for_encrypted_file | Password to use for encryption | string | passwd|
#### Attack Commands: Run with `sh`!
```sh
if [ $USER == "root" ]; then $which_ccencrypt #{root_input_file_path}; file #{root_input_file_path}.cpt; #{impact_command}; else $which_ccencrypt #{user_input_file_path}; file #{user_input_file_path}.cpt; #{impact_command}; fi
which_ccencrypt=`which ccencrypt`
cp #{root_input_file_path} #{cped_file_path};
$which_ccencrypt -T -K #{pwd_for_encrypted_file} #{cped_file_path}
```
#### Cleanup Commands:
```sh
if [ $USER == "root" ]; then mv #{cped_file_path} #{root_input_file_path}; else cp #{cped_file_path} #{user_input_file_path}; fi
rm #{cped_file_path}.cpt
```
#### Dependencies: Run with `sh`!
##### Description: Finds where ccencrypt and ccdecrypt is located and copies input file
##### Description: Finds where ccencrypt and ccdecrypt are located
##### Check Prereq Commands:
```sh
which_ccencrypt=`which ccencrypt`
which_ccdecrypt=`which ccdecrypt`
if [ $USER == "root" ]; then cp #{root_input_file_path} #{cped_file_path}; else cp #{user_input_file_path} #{cped_file_path}; fi
```
##### Get Prereq Commands:
```sh
@@ -217,6 +217,7 @@ Uses openssl to encrypt a file
```sh
which_openssl=`which openssl`
$which_openssl genrsa -out #{private_key_path} #{encryption_bit_size}
$which_openssl rsa -in #{private_key_path} -pubout -out #{public_key_path}
$which_openssl rsautl -encrypt -inkey #{public_key_path} -pubin -in #{input_file_path} -out #{encrypted_file_path}