* message

* Update T1090.003.yaml

* Final updates b4 merge

Removed input arg, split dependencies out into two different ones, made use of USERPROFILE environment variable to improve robustness of test.

* use %USERPROFILE% environment variable

Co-authored-by: Chase James <cjames@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
CyberBilly7
2022-02-15 07:14:43 -06:00
committed by GitHub
parent f01c461021
commit a3ead89e7c
2 changed files with 43 additions and 0 deletions
+37
@@ -0,0 +1,37 @@
attack_technique: T1090.003
display_name: 'Proxy: Multi-hop Proxy'
atomic_tests:
- name: Psiphon
description: |
Psiphon 3 is a circumvention tool from Psiphon Inc. that utilizes VPN, SSH and HTTP Proxy technology to provide you
with uncensored access to Internet.
This process will launch Psiphon 3 and establish a connection. Shortly after it will be shut down via process kill commands.
More information can be found about Psiphon using the following urls
http://s3.amazonaws.com/0ubz-2q11-gi9y/en.html
https://psiphon.ca/faq.html
supported_platforms:
- windows
dependency_executor_name: powershell
dependencies:
- description: |
The proxy settings backup file must exist on disk at $env:Temp\proxy-backup.txt
prereq_command: |
if (Test-Path $env:Temp\proxy-backup.txt) {exit 0} else {exit 1}
get_prereq_command: |
if(-not (test-path $env:Temp\proxy-backup.txt)){
$Proxy = (Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -Name "ProxyServer" -ErrorAction Ignore).ProxyServer
Set-Content $env:Temp\proxy-backup.txt $Proxy}
- description: |
The Psiphon executable must exist in the Downloads folder
prereq_command: |
if (Test-Path $env:UserProfile\Downloads\psiphon3.exe) {exit 0} else {exit 1}
get_prereq_command: |
Invoke-WebRequest -OutFile "$env:UserProfile\Downloads\psiphon3.exe" "https://s3.amazonaws.com/0ubz-2q11-gi9y/psiphon3.exe"
executor:
name: powershell
command: |
PathToAtomicsFolder\T1090.003\src\Psiphon.bat
cleanup_command: |
$Proxy = Get-Content $env:Temp\proxy-backup.txt -ErrorAction Ignore
if($null -ne $Proxy)
{Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -Name "ProxyServer" -Value $Proxy}
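Review bot: The second dependency's get_prereq_command downloads psiphon3.exe with Invoke-WebRequest and the executor then runs it, with no integrity check in between. Pin an expected SHA-256 for the binary and have prereq_command compare it with Get-FileHash, so a changed file at that URL fails the prerequisite instead of being executed. The proxy backup also needs attention: the first dependency saves only ProxyServer, and cleanup_command skips the restore when the backup is empty (`if($null -ne $Proxy)`), so on a host that had no ProxyServer value before the test, whatever the run wrote there stays in place. Consider recording "no value" explicitly and removing the property in cleanup, backing up ProxyEnable alongside it, and deleting $env:Temp\proxy-backup.txt at the end of cleanup, since the `-not (test-path ...)` guard otherwise reuses a stale backup from an earlier run.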
+6
@@ -0,0 +1,6 @@
@echo off
start %USERPROFILE%\Downloads\psiphon3.exe
timeout /t 20 >nul 2>&1
Taskkill /IM msedge.exe /F >nul 2>&1
Taskkill /IM psiphon3.exe /F >nul 2>&1
Taskkill /IM psiphon-tunnel-core.exe /F >nul 2>&1
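Review bot: `Taskkill /IM msedge.exe /F` matches by image name, so it force-closes every Edge process in the session, including windows that have nothing to do with the test, and the YAML description does not mention this side effect. Either document it in the test description or drop the line and rely on the two Psiphon kills. On the `start` line, the path is unquoted, so a profile directory containing a space breaks the launch; use `start "" "%USERPROFILE%\Downloads\psiphon3.exe"` (the empty first argument is the window title that `start` expects when the path is quoted). The fixed `timeout /t 20` also assumes the connection is up within 20 seconds; a comment stating that assumption would help whoever tunes the test later.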