From 932fd8321e4e8fc881dfc834fd3fb240df3a3b4c Mon Sep 17 00:00:00 2001
From: NeuralGlitch <107919127+NagaSivaGunturu@users.noreply.github.com>
Date: Tue, 6 Aug 2024 13:31:57 +0530
Subject: [PATCH] Update T1059.004.yaml (#2894) * Update T1059.004.yaml Added a new atomic test name: emacs spawning an interactive system shell * Update T1059.004.yaml Added new test supports bothe Linuc n Mac added brew install prereq as well to support mac Test name: emacs spawning an interactive system shell
---
 atomics/T1059.004/T1059.004.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/atomics/T1059.004/T1059.004.yaml b/atomics/T1059.004/T1059.004.yaml
index 09abac03..6d61bf7b 100644
--- a/atomics/T1059.004/T1059.004.yaml
+++ b/atomics/T1059.004/T1059.004.yaml
@@ -278,3 +278,21 @@ atomic_tests:
 cleanup_command:
 name: sh
 elevation_required: false
+- name: emacs spawning an interactive system shell
+ description: |
+ emacs can be used to break out from restricted environments by spawning an interactive system shell. Ref: https://gtfobins.github.io/gtfobins/emacs/
+ supported_platforms:
+ - linux
+ - macos
+ dependency_executor_name: bash
+ dependencies:
+ - description: |
+ Check if emacs is installed on the machine.
+ prereq_command: |
+ if [ -x "$(command -v emacs)" ]; then echo "emacs is installed"; else echo "emacs is NOT installed"; exit 1; fi
+ get_prereq_command: |
+ which apt && apt update && apt install -y emacs || which pkg && pkg update && pkg install -y emacs || which brew && brew update && brew install --quiet emacs
+ executor:
+ command: sudo emacs -Q -nw --eval '(term "/bin/sh &")'
+ name: sh
+ elevation_required: true
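Review bot: The `get_prereq_command` list mixes `&&` and `||` without grouping, and in sh these have equal precedence and associate left to right, so after a successful apt install the list still runs `pkg update`; on a host without pkg the command then ends with a non-zero status even though emacs was installed. Group each package manager so the first one that succeeds ends the list: `(which apt && apt update && apt install -y emacs) || (which pkg && pkg update && pkg install -y emacs) || (which brew && brew update && brew install --quiet emacs)`. Separately, the executor runs emacs under `sudo` with `elevation_required: true` and the new test defines no `cleanup_command`, so a run may leave an interactive root shell session open on the test host. The restricted-environment breakout named in the description does not appear to need root, so consider dropping `sudo` and setting `elevation_required: false`, and add a cleanup step that ends the spawned emacs process.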