From 9be4935b490cec2719c08a659dc385a70264992f Mon Sep 17 00:00:00 2001 From: Mo Amiri Date: Mon, 14 May 2018 14:19:29 +0100 Subject: [PATCH] changing args to input_arguments as per example --- atomics/t1087/t1087.yaml | 16 ++++++++-------- atomics/t1130/t1130.yaml | 8 ++++---- atomics/t1136/t1136.yaml | 16 ++++++++-------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/atomics/t1087/t1087.yaml b/atomics/t1087/t1087.yaml index d063354a..b39ce7ee 100644 --- a/atomics/t1087/t1087.yaml +++ b/atomics/t1087/t1087.yaml @@ -1,7 +1,7 @@ --- attack_technique: t1087 display_name: Account Discovery - + atomic_tests: - name: List all accounts description: | @@ -14,7 +14,7 @@ atomic_tests: description: Path where captured results will be placed type: Path default: ~/loot.txt - executor: + executor: name: sh command: | cat /etc/passwd > #{output_file} @@ -30,7 +30,7 @@ atomic_tests: description: Path where captured results will be placed type: Path default: ~/loot.txt - executor: + executor: name: sh command: | cat /etc/sudoers > #{output_file} @@ -46,7 +46,7 @@ atomic_tests: description: Path where captured results will be placed type: Path default: ~/loot.txt - executor: + executor: name: sh command: | grep 'x:0:' /etc/passwd > #{output_file} @@ -57,7 +57,7 @@ atomic_tests: supported_platforms: - linux - macos - executor: + executor: name: sh command: | username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username @@ -67,13 +67,13 @@ atomic_tests: xxx supported_platforms: - linux - - macos - args: + - macos + input_arguments: output_file: description: Path where captured results will be placed type: Path default: ~/loot.txt - executor: + executor: name: sh command: | lastlog > #{output_file} diff --git a/atomics/t1130/t1130.yaml b/atomics/t1130/t1130.yaml index deb6f7a5..dd7feeb6 100644 --- a/atomics/t1130/t1130.yaml +++ b/atomics/t1130/t1130.yaml @@ -1,14 +1,14 @@ --- attack_technique: t1130 display_name: Install Root Certificate - + atomic_tests: - name: Install root CA on CentOS/RHEL description: | Creates a root CA with openssl supported_platforms: - linux - args: + input_arguments: key_filename: description: Key we create that is used to create the CA certificate type: Path @@ -17,7 +17,7 @@ atomic_tests: description: Path of the CA certificate we create type: Path default: rootCA.crt - executor: + executor: name: sh command: | openssl genrsa -out #{key_filename} 4096 @@ -37,4 +37,4 @@ atomic_tests: # To test the new trust, apply the root certificate or another signed with it to # a SSL/TLS web service and attempt a connection with curl or wget. # -# curl https://art.evil.com \ No newline at end of file +# curl https://art.evil.com diff --git a/atomics/t1136/t1136.yaml b/atomics/t1136/t1136.yaml index 0679a59b..42bd191b 100644 --- a/atomics/t1136/t1136.yaml +++ b/atomics/t1136/t1136.yaml @@ -1,7 +1,7 @@ --- attack_technique: t1136 display_name: Create Account - + atomic_tests: - name: Create a user account on a Linux system description: | @@ -9,15 +9,15 @@ atomic_tests: supported_platforms: - linux input_arguments: - username: + username: description: Username of the user to create type: String default: evil_user - comment: + comment: description: Comment to record when creating the user type: String default: Evil Account - executor: + executor: name: bash command: | useradd -M -N -r -s /bin/bash -c "#{comment}" #{username} @@ -27,16 +27,16 @@ atomic_tests: Creates a user on a MacOS system with dscl supported_platforms: - macos - args: - username: + input_arguments: + username: description: Username of the user to create type: String default: evil_user - realname: + realname: description: "'realname' to record when creating the user" type: String default: Evil Account - executor: + executor: name: bash command: | dscl . -create /Users/#{username}