From b9445cf19eb98f8cfb7484b66e46ca4e9f6cd1fb Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Thu, 10 Feb 2022 14:40:10 +0000 Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci] --- atomics/Indexes/index.yaml | 44 +++++++++++++++++++++------------- atomics/T1040/T1040.md | 4 ++-- atomics/T1046/T1046.md | 2 +- atomics/T1087.001/T1087.001.md | 12 ++++++++++ atomics/T1135/T1135.md | 2 +- atomics/T1486/T1486.md | 4 ++-- atomics/T1560.001/T1560.001.md | 4 ++-- atomics/T1562.001/T1562.001.md | 2 +- 8 files changed, 48 insertions(+), 26 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index a46884c9..f86b4c80 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -4609,7 +4609,7 @@ credential-access: -v tshark)" ]; then exit 1; else exit 0; fi; ' - get_prereq_command: "(which yum && yum -y epel-release tcpdump tshark)||(which + get_prereq_command: "(which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)\n" executor: command: | @@ -4639,7 +4639,7 @@ credential-access: -v tshark)" ]; then exit 1; else exit 0; fi; ' - get_prereq_command: "(which yum && yum -y epel-release tcpdump tshark)||(which + get_prereq_command: "(which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)\n" executor: command: "sudo tcpdump -c 5 -nnni #{interface} \nif [ -x \"$(command -v @@ -7891,7 +7891,7 @@ collection: ' get_prereq_command: | - (which yum && yum -y epel-release zip)||(which apt-get && apt-get install -y zip) + (which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip) echo Please set input_files argument to include files that exist executor: name: sh 
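Review bot: The yum branch of the T1040 prereq at @@ -4609 and @@ -4639 now installs `epel-release tcpdump tshark` in a single transaction, but on RPM-based hosts the package that ships tshark is normally `wireshark` (EL7) or `wireshark-cli` (EL8+), not `tshark`, so yum/dnf may reject the unknown name, the whole branch then fails, `||` falls through to the apt-get branch (which cannot succeed on an RPM host), and the `command -v tshark` check above keeps failing. Worth confirming on an EL host; if it reproduces, split the install so one unknown name does not sink the rest: `yum -y install epel-release; yum -y install tcpdump wireshark || yum -y install tcpdump wireshark-cli`. The zip prereq at @@ -7891 also omits the `DEBIAN_FRONTEND=noninteractive` that the sibling apt-get branches in this commit carry, so a debconf prompt can hang an unattended run. Since index.yaml is generated, both fixes belong in the per-technique atomic YAML rather than here.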
@@ -7997,8 +7997,8 @@ collection: ]; then exit 1; fi; ' - get_prereq_command: "(which yum && yum -y epel-release zip gpg)||(which apt-get - && apt-get install -y zip gpg)\n" + get_prereq_command: "(which yum && yum -y install epel-release zip gpg)||(which + apt-get && apt-get install -y zip gpg)\n" executor: name: sh elevation_required: false @@ -25676,8 +25676,8 @@ defense-evasion: package_installer: description: Package installer command for linux. Default yum type: String - default: "(which yum && yum -y epel-release rsyslog)||(which apt-get && - apt-get install -y rsyslog)" + default: "(which yum && yum -y install epel-release rsyslog)||(which apt-get + && apt-get install -y rsyslog)" flavor_command: description: Command to disable syslog collection. Default newer rsyslog commands. i.e older command = service rsyslog stop ; chkconfig off rsyslog @@ -51870,8 +51870,8 @@ impact: prereq_command: 'which_gpg=`which gpg` ' - get_prereq_command: "(which yum && yum -y epel-release gpg)||(which apt-get - && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg)\n" + get_prereq_command: "(which yum && yum -y install epel-release gpg)||(which + apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg)\n" executor: name: bash elevation_required: false @@ -51956,8 +51956,8 @@ impact: which_ccencrypt=`which ccencrypt` which_ccdecrypt=`which ccdecrypt` if [[ $USER == "root" ]]; then cp #{root_input_file_path} #{cped_file_path}; else cp #{user_input_file_path} #{cped_file_path}; fi - get_prereq_command: "(which yum && yum -y epel-release ccrypt)||(which apt-get - && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt)\n" + get_prereq_command: "(which yum && yum -y install epel-release ccrypt)||(which + apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt)\n" executor: name: bash elevation_required: false 
@@ -55515,6 +55515,16 @@ discovery: ' name: sh + dependency_executor_name: sh + dependencies: + - description: 'check if lsof exists + +' + prereq_command: 'which lsof + +' + get_prereq_command: "(which yum && yum -y install lsof)||(which apt-get && + DEBIAN_FRONTEND=noninteractive apt-get install -y lsof)\n" - name: Show if a user account has ever logged in remotely auto_generated_guid: 0f0b6a29-08c3-44ad-a30b-47fd996b2110 description: 'Show if a user account has ever logged in remotely @@ -55871,8 +55881,8 @@ discovery: fi; ' - get_prereq_command: "(which yum && yum -y epel-release nmap)||(which apt-get - && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)\n" + get_prereq_command: "(which yum && yum -y install epel-release nmap)||(which + apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap)\n" executor: command: | nmap -sS #{network_range} -p #{port} @@ -56029,8 +56039,8 @@ discovery: package_installer: description: Package installer command. Debian - apt install samba type: String - default: "(which yum && yum -y epel-release samba)||(which apt-get && DEBIAN_FRONTEND=noninteractive - apt-get install -y samba)" + default: "(which yum && yum -y install epel-release samba)||(which apt-get + && DEBIAN_FRONTEND=noninteractive apt-get install -y samba)" dependency_executor_name: bash dependencies: - description: 'Package with smbstatus (samba) must exist on device @@ -56214,7 +56224,7 @@ discovery: -v tshark)" ]; then exit 1; else exit 0; fi; ' - get_prereq_command: "(which yum && yum -y epel-release tcpdump tshark)||(which + get_prereq_command: "(which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)\n" executor: command: | 
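Review bot: The new lsof dependency at @@ -55515 tests presence with `which lsof`, whereas the other prereq checks in this commit use `[ -x "$(command -v …)" ]`; `which` is a separate binary that minimal container images sometimes lack, in which case the check fails and the installer runs even when lsof is present. Suggest `prereq_command: 'command -v lsof'`, which is a POSIX sh builtin and matches the `dependency_executor_name: sh` declared for this atomic. The get_prereq_command installs a package on the target as a side effect of a discovery test and nothing visible in the hunk removes it on cleanup; a description note such as `Installs lsof via yum/apt-get if missing; the package is not removed on cleanup` would set that expectation for operators. index.yaml is generated, so the change should land in T1087.001's atomic YAML.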
@@ -56244,7 +56254,7 @@ discovery: -v tshark)" ]; then exit 1; else exit 0; fi; ' - get_prereq_command: "(which yum && yum -y epel-release tcpdump tshark)||(which + get_prereq_command: "(which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark)\n" executor: command: "sudo tcpdump -c 5 -nnni #{interface} \nif [ -x \"$(command -v diff --git a/atomics/T1040/T1040.md b/atomics/T1040/T1040.md index 6c8a24f2..699839a8 100644 --- a/atomics/T1040/T1040.md +++ b/atomics/T1040/T1040.md @@ -58,7 +58,7 @@ if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exi ``` ##### Get Prereq Commands: ```bash -(which yum && yum -y epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark) +(which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark) ``` @@ -106,7 +106,7 @@ if [ ! -x "$(command -v tcpdump)" ] && [ ! -x "$(command -v tshark)" ]; then exi ``` ##### Get Prereq Commands: ```bash -(which yum && yum -y epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark) +(which yum && yum -y install epel-release tcpdump tshark)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y tcpdump tshark) ``` diff --git a/atomics/T1046/T1046.md b/atomics/T1046/T1046.md index 29040d0a..489758c4 100644 --- a/atomics/T1046/T1046.md +++ b/atomics/T1046/T1046.md @@ -92,7 +92,7 @@ if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; fi; ``` ##### Get Prereq Commands: ```sh -(which yum && yum -y epel-release nmap)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap) +(which yum && yum -y install epel-release nmap)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y nmap) ``` 
diff --git a/atomics/T1087.001/T1087.001.md b/atomics/T1087.001/T1087.001.md index 64a58541..7f289734 100644 --- a/atomics/T1087.001/T1087.001.md +++ b/atomics/T1087.001/T1087.001.md @@ -166,6 +166,18 @@ username=$(id -u -n) && lsof -u $username +#### Dependencies: Run with `sh`! +##### Description: check if lsof exists +##### Check Prereq Commands: +```sh +which lsof +``` +##### Get Prereq Commands: +```sh +(which yum && yum -y install lsof)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y lsof) +``` + +
diff --git a/atomics/T1135/T1135.md b/atomics/T1135/T1135.md index 68998dc3..7bd8f28c 100644 --- a/atomics/T1135/T1135.md +++ b/atomics/T1135/T1135.md @@ -74,7 +74,7 @@ Network Share Discovery using smbstatus | Name | Description | Type | Default Value | |------|-------------|------|---------------| | package_checker | Package checking command. Debian - dpkg -s samba | String | (rpm -q samba &>/dev/null) || (dpkg -s samba | grep -q installed)| -| package_installer | Package installer command. Debian - apt install samba | String | (which yum && yum -y epel-release samba)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y samba)| +| package_installer | Package installer command. Debian - apt install samba | String | (which yum && yum -y install epel-release samba)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y samba)| #### Attack Commands: Run with `bash`! Elevation Required (e.g. root or admin) diff --git a/atomics/T1486/T1486.md b/atomics/T1486/T1486.md index f70a901d..d96f3827 100644 --- a/atomics/T1486/T1486.md +++ b/atomics/T1486/T1486.md @@ -64,7 +64,7 @@ which_gpg=`which gpg` ``` ##### Get Prereq Commands: ```bash -(which yum && yum -y epel-release gpg)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg) +(which yum && yum -y install epel-release gpg)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y gpg) ``` @@ -170,7 +170,7 @@ if [[ $USER == "root" ]]; then cp #{root_input_file_path} #{cped_file_path}; els ``` ##### Get Prereq Commands: ```bash -(which yum && yum -y epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt) +(which yum && yum -y install epel-release ccrypt)||(which apt-get && DEBIAN_FRONTEND=noninteractive apt-get install -y ccrypt) ``` diff --git a/atomics/T1560.001/T1560.001.md b/atomics/T1560.001/T1560.001.md index cf27be43..04b2f9b7 100644 --- a/atomics/T1560.001/T1560.001.md +++ b/atomics/T1560.001/T1560.001.md 
@@ -283,7 +283,7 @@ if [ $(ls #{input_files} | wc -l) > 0 ] && [ -x $(which zip) ] ; then exit 0; el ``` ##### Get Prereq Commands: ```sh -(which yum && yum -y epel-release zip)||(which apt-get && apt-get install -y zip) +(which yum && yum -y install epel-release zip)||(which apt-get && apt-get install -y zip) echo Please set input_files argument to include files that exist ``` @@ -427,7 +427,7 @@ if [ ! -x "$(command -v gpg)" ] || [ ! -x "$(command -v zip)" ]; then exit 1; fi ``` ##### Get Prereq Commands: ```sh -(which yum && yum -y epel-release zip gpg)||(which apt-get && apt-get install -y zip gpg) +(which yum && yum -y install epel-release zip gpg)||(which apt-get && apt-get install -y zip gpg) ``` diff --git a/atomics/T1562.001/T1562.001.md b/atomics/T1562.001/T1562.001.md index b5a124a5..96c6c1be 100644 --- a/atomics/T1562.001/T1562.001.md +++ b/atomics/T1562.001/T1562.001.md @@ -77,7 +77,7 @@ Disables syslog collection | Name | Description | Type | Default Value | |------|-------------|------|---------------| | package_checker | Package checking command for linux. | String | (rpm -q rsyslog 2>&1 >/dev/null) || (dpkg -s rsyslog | grep -q installed)| -| package_installer | Package installer command for linux. Default yum | String | (which yum && yum -y epel-release rsyslog)||(which apt-get && apt-get install -y rsyslog)| +| package_installer | Package installer command for linux. Default yum | String | (which yum && yum -y install epel-release rsyslog)||(which apt-get && apt-get install -y rsyslog)| | flavor_command | Command to disable syslog collection. Default newer rsyslog commands. i.e older command = service rsyslog stop ; chkconfig off rsyslog | String | systemctl stop rsyslog ; systemctl disable rsyslog| | cleanup_command | Command to enable syslog collection. Default newer rsyslog commands. i.e older command = service rsyslog start ; chkconfig rsyslog on | String | systemctl start rsyslog ; systemctl enable rsyslog|