security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2022-06-26 00:11:09 +00:00
parent 808c3ca081
commit 71bedf4947
2 changed files with 45 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+21 -5
View File
@@ -18025,19 +18025,35 @@ defense-evasion:
atomic_tests:
- name: Decode base64 Data into Script
auto_generated_guid: f45df6be-2e1e-4136-a384-8f18ab3826fb
description: |
Creates a base64-encoded data file and decodes it into an executable shell script
Upon successful execution, sh will execute art.sh, which is a base64 encoded command, that stdouts `echo Hello from the Atomic Red Team`.
description: "Creates a base64-encoded data file and decodes it into an executable
shell script\n\nUpon successful execution, sh will execute art.sh, which is
a base64 encoded command, that echoes `Hello from the Atomic Red Team` \nand
uname -v\n"
supported_platforms:
- macos
- linux
input_arguments:
shell_command:
description: command to encode
type: String
default: echo Hello from the Atomic Red Team && uname -v
dependency_executor_name: sh
dependencies:
- description: 'encode the command into base64 file
'
prereq_command: 'exit 1
'
get_prereq_command: 'echo "#{shell_command}" | base64 > /tmp/encoded.dat
'
executor:
command: |
sh -c "echo ZWNobyBIZWxsbyBmcm9tIHRoZSBBdG9taWMgUmVkIFRlYW0= > /tmp/encoded.dat"
cat /tmp/encoded.dat | base64 -d > /tmp/art.sh
chmod +x /tmp/art.sh
/tmp/art.sh
cleanup_command: "rm /tmp/encoded.dat \nrm /tmp/art.sh\n"
name: sh
- name: Execute base64-encoded PowerShell
auto_generated_guid: a50d5a97-2531-499e-a1de-5544c74432c6
atomics/T1027/T1027.md
+24 -2
View File
@@ -32,7 +32,8 @@ Adversaries may also obfuscate commands executed from payloads or directly via a
## Atomic Test #1 - Decode base64 Data into Script
Creates a base64-encoded data file and decodes it into an executable shell script
Upon successful execution, sh will execute art.sh, which is a base64 encoded command, that stdouts `echo Hello from the Atomic Red Team`.
Upon successful execution, sh will execute art.sh, which is a base64 encoded command, that echoes `Hello from the Atomic Red Team`
and uname -v
**Supported Platforms:** macOS, Linux
@@ -43,20 +44,41 @@ Upon successful execution, sh will execute art.sh, which is a base64 encoded com
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| shell_command | command to encode | String | echo Hello from the Atomic Red Team && uname -v|
#### Attack Commands: Run with `sh`!
```sh
sh -c "echo ZWNobyBIZWxsbyBmcm9tIHRoZSBBdG9taWMgUmVkIFRlYW0= > /tmp/encoded.dat"
cat /tmp/encoded.dat | base64 -d > /tmp/art.sh
chmod +x /tmp/art.sh
/tmp/art.sh
```
#### Cleanup Commands:
```sh
rm /tmp/encoded.dat
rm /tmp/art.sh
```
#### Dependencies: Run with `sh`!
##### Description: encode the command into base64 file
##### Check Prereq Commands:
```sh
exit 1
```
##### Get Prereq Commands:
```sh
echo "#{shell_command}" | base64 > /tmp/encoded.dat
```
<br/>