security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added prereq to test #2 (#1185)

Browse Source 
* added prereq to test #2

* Update T1071.001.yaml

remove test "z"

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
masonharrell
2020-08-07 12:33:31 -07:00
committed by GitHub
parent 54c0e74a6c
commit cd1c015dfa
1 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1071.001/T1071.001.yaml
+22 -4
View File
@@ -22,6 +22,7 @@ atomic_tests:
Invoke-WebRequest #{domain} -UserAgent "Opera/8.81 (Windows NT 6.0; U; en)" | out-null
Invoke-WebRequest #{domain} -UserAgent "*<|>*" | out-null
name: powershell
- name: Malicious User Agents - CMD
auto_generated_guid: dc3488b0-08c7-4fea-b585-905c83b48180
description: |
@@ -36,13 +37,30 @@ atomic_tests:
description: Default domain to simulate against
type: string
default: www.google.com
curl_path:
description: path to curl.exe
type: path
default: C:\Windows\System32\Curl.exe
dependency_executor_name: powershell
dependencies:
- description: |
Curl must be installed on system
prereq_command: |
if (Test-Path #{curl_path}) {exit 0} else {exit 1}
get_prereq_command: |
Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip
Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl
Copy-Item $env:temp\curl\curl-7.71.1-win32-mingw\bin\curl.exe #{curl_path}
Remove-Item $env:temp\curl
Remove-Item $env:temp\curl.zip
executor:
command: |
curl -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
curl -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
curl -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
curl -s -A "*<|>*" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
#{curl_path} -s -A "*<|>*" -m3 #{domain} >nul 2>&1
name: command_prompt
- name: Malicious User Agents - Nix
auto_generated_guid: 2d7c471a-e887-4b78-b0dc-b0df1f2e0658
description: |