security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2022-04-14 22:38:49 +00:00
parent d5c079a274
commit 72fc6bd787
5 changed files with 100 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/Attack-Navigator-Layers/art-navigator-layer-linux.json
+1 -1
View File
File diff suppressed because one or more lines are too long
atomics/Indexes/Indexes-CSV/index.csv
+1
View File
@@ -1037,6 +1037,7 @@ execution,T1053.005,Scheduled Task,6,WMI Invoke-CimMethod Scheduled Task,e16b3b7
execution,T1053.005,Scheduled Task,7,Scheduled Task Executing Base64 Encoded Commands From Registry,e895677d-4f06-49ab-91b6-ae3742d0a2ba,command_prompt
execution,T1569.002,Service Execution,1,Execute a Command as a Service,2382dee2-a75f-49aa-9378-f52df6ed3fb1,command_prompt
execution,T1569.002,Service Execution,2,Use PsExec to execute a command on a remote host,873106b7-cfed-454b-8680-fa9f6400431c,command_prompt
execution,T1569.002,Service Execution,3,psexec.py (Impacket),edbcd8c9-3639-4844-afad-455c91e95a35,bash
execution,T1072,Software Deployment Tools,1,Radmin Viewer Utility,b4988cad-6ed2-434d-ace5-ea2670782129,command_prompt
execution,T1053.006,Systemd Timers,1,Create Systemd Service and Timer,f4983098-bb13-44fb-9b2c-46149961807b,bash
execution,T1053.006,Systemd Timers,2,Create a user level transient systemd service and timer,3de33f5b-62e5-4e63-a2a0-6fd8808c80ec,sh
1 Tactic Technique # Technique Name Test # Test Name Test GUID Executor Name
1037 execution T1053.005 Scheduled Task 7 Scheduled Task Executing Base64 Encoded Commands From Registry e895677d-4f06-49ab-91b6-ae3742d0a2ba command_prompt
1038 execution T1569.002 Service Execution 1 Execute a Command as a Service 2382dee2-a75f-49aa-9378-f52df6ed3fb1 command_prompt
1039 execution T1569.002 Service Execution 2 Use PsExec to execute a command on a remote host 873106b7-cfed-454b-8680-fa9f6400431c command_prompt
1040 execution T1569.002 Service Execution 3 psexec.py (Impacket) edbcd8c9-3639-4844-afad-455c91e95a35 bash
1041 execution T1072 Software Deployment Tools 1 Radmin Viewer Utility b4988cad-6ed2-434d-ace5-ea2670782129 command_prompt
1042 execution T1053.006 Systemd Timers 1 Create Systemd Service and Timer f4983098-bb13-44fb-9b2c-46149961807b bash
1043 execution T1053.006 Systemd Timers 2 Create a user level transient systemd service and timer 3de33f5b-62e5-4e63-a2a0-6fd8808c80ec sh
atomics/Indexes/Indexes-Markdown/index.md
+1
View File
@@ -1696,6 +1696,7 @@
- [T1569.002 Service Execution](../../T1569.002/T1569.002.md)
- Atomic Test #1: Execute a Command as a Service [windows]
- Atomic Test #2: Use PsExec to execute a command on a remote host [windows]
- Atomic Test #3: psexec.py (Impacket) [linux]
- T1129 Shared Modules [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
- [T1072 Software Deployment Tools](../../T1072/T1072.md)
- Atomic Test #1: Radmin Viewer Utility [windows]
atomics/Indexes/index.yaml
+46
View File
@@ -69742,6 +69742,52 @@ execution:
'
name: command_prompt
- name: psexec.py (Impacket)
auto_generated_guid: edbcd8c9-3639-4844-afad-455c91e95a35
description: 'Will execute a command on the remote host with Impacket psexec.py
script.
'
supported_platforms:
- linux
input_arguments:
remote_host:
description: Remote hostname or IP address
type: String
default: 127.0.0.1
username:
description: Username
type: String
default: Administrator
domain:
description: Target domain
type: String
default: ''
password:
description: Password
type: String
default: P@ssw0rd1
command:
description: Command to execute in target computer
type: String
default: whoami
dependency_executor_name: bash
dependencies:
- description: 'psexec.py (Impacket)
'
prereq_command: 'if [ -x "$(command -v psexec.py)" ]; then exit 0; else exit
1; fi;
'
get_prereq_command: 'sudo pip3 install impacket
'
executor:
command: 'psexec.py ''#{domain}/#{username}:#{password}@#{remote_host}'' ''#{command}''
'
name: bash
T1129:
technique:
object_marking_refs:
atomics/T1569.002/T1569.002.md
+51
View File
@@ -12,6 +12,8 @@ Adversaries may leverage these mechanisms to execute malicious content. This can
- [Atomic Test #2 - Use PsExec to execute a command on a remote host](#atomic-test-2---use-psexec-to-execute-a-command-on-a-remote-host)
- [Atomic Test #3 - psexec.py (Impacket)](#atomic-test-3---psexecpy-impacket)
<br/>
@@ -108,4 +110,53 @@ Copy-Item $env:TEMP\PsTools\PsExec.exe "#{psexec_exe}" -Force
<br/>
<br/>
## Atomic Test #3 - psexec.py (Impacket)
Will execute a command on the remote host with Impacket psexec.py script.
**Supported Platforms:** Linux
**auto_generated_guid:** edbcd8c9-3639-4844-afad-455c91e95a35
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| remote_host | Remote hostname or IP address | String | 127.0.0.1|
| username | Username | String | Administrator|
| domain | Target domain | String | |
| password | Password | String | P@ssw0rd1|
| command | Command to execute in target computer | String | whoami|
#### Attack Commands: Run with `bash`!
```bash
psexec.py '#{domain}/#{username}:#{password}@#{remote_host}' '#{command}'
```
#### Dependencies: Run with `bash`!
##### Description: psexec.py (Impacket)
##### Check Prereq Commands:
```bash
if [ -x "$(command -v psexec.py)" ]; then exit 0; else exit 1; fi;
```
##### Get Prereq Commands:
```bash
sudo pip3 install impacket
```
<br/>