security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

T1003.008 - additional tests

Browse Source
This commit is contained in:
George Allen
2021-11-21 17:11:37 +00:00
parent 4b1bc4557e
commit d190d830db
1 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1003.008/T1003.008.yaml
+37
View File
@@ -38,3 +38,40 @@ atomic_tests:
cleanup_command: |
rm -f #{output_file}
name: sh
- name: Access /etc/{shadow,passwd} with a standard bin that's not cat
auto_generated_guid: 60e860b6-8ae6-49db-ad07-5e73edd88f5d
description: |
Dump /etc/passwd and /etc/shadow using ed
supported_platforms:
- linux
input_arguments:
output_file:
description: Path where captured results will be placed
type: Path
default: /tmp/T1003.008.txt
executor:
command: |
echo ,p | ed /etc/{pass,}wd > #{output_file}
echo ,p | ed /etc/{sha,}dow > #{output_file}
cleanup_command: |
rm -f #{output_file}
name: bash
- name: Access /etc/{shadow,passwd} with shell builtins
auto_generated_guid: 60e860b6-8ae6-49db-ad07-5e73edd88f5d
description: |
Dump /etc/passwd and /etc/shadow using bash builtins
supported_platforms:
- linux
input_arguments:
output_file:
description: Path where captured results will be placed
type: Path
default: /tmp/T1003.008.txt
executor:
command: |
function testcat(){ echo "$(< $1)"; }
testcat /etc/passwd > #{output_file}
testcat /etc/shadow > #{output_file}
cleanup_command: |
rm -f #{output_file}
name: bash