security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=validate_atomics_generate_docs branch=master

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2020-08-07 19:33:50 +00:00
parent cd1c015dfa
commit bfa4d8bc54
2 changed files with 41 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+20 -4
View File
@@ -48548,12 +48548,28 @@ command-and-control:
description: Default domain to simulate against
type: string
default: www.google.com
curl_path:
description: path to curl.exe
type: path
default: C:\Windows\System32\Curl.exe
dependency_executor_name: powershell
dependencies:
- description: "Curl must be installed on system \n"
prereq_command: 'if (Test-Path #{curl_path}) {exit 0} else {exit 1}
'
get_prereq_command: |
Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip
Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl
Copy-Item $env:temp\curl\curl-7.71.1-win32-mingw\bin\curl.exe #{curl_path}
Remove-Item $env:temp\curl
Remove-Item $env:temp\curl.zip
executor:
command: |
curl -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
curl -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
curl -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
curl -s -A "*<|>*" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "*<|>*" -m3 #{domain} >nul 2>&1
name: command_prompt
- name: Malicious User Agents - Nix
auto_generated_guid: 2d7c471a-e887-4b78-b0dc-b0df1f2e0658
atomics/T1071.001/T1071.001.md
+21 -4
View File
@@ -65,21 +65,38 @@ Inspired by APTSimulator - https://github.com/NextronSystems/APTSimulator/blob/m
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| domain | Default domain to simulate against | string | www.google.com|
| curl_path | path to curl.exe | path | C:&#92;Windows&#92;System32&#92;Curl.exe|
#### Attack Commands: Run with `command_prompt`!
```cmd
curl -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
curl -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
curl -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
curl -s -A "*<|>*" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "*<|>*" -m3 #{domain} >nul 2>&1
```
#### Dependencies: Run with `powershell`!
##### Description: Curl must be installed on system
##### Check Prereq Commands:
```powershell
if (Test-Path #{curl_path}) {exit 0} else {exit 1}
```
##### Get Prereq Commands:
```powershell
Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip
Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl
Copy-Item $env:temp\curl\curl-7.71.1-win32-mingw\bin\curl.exe #{curl_path}
Remove-Item $env:temp\curl
Remove-Item $env:temp\curl.zip
```
<br/>