T1107 File Deletion reorg with variables (#423)
committed by
Zac Brown
parent
bb07c4ac15
commit
dfabc52d64
+51
-54
@@ -3,115 +3,112 @@ attack_technique: T1107
|
||||
display_name: File Deletion
|
||||
|
||||
atomic_tests:
|
||||
- name: Victim configuration
|
||||
description: |
|
||||
Create a temporary directory and several files on the victim system for later deletion
|
||||
supported_platforms:
|
||||
- linux
|
||||
executor:
|
||||
name: sh
|
||||
command: |
|
||||
mkdir /tmp/victim-files
|
||||
cd /tmp/victim-files
|
||||
touch a b c d e f g
|
||||
echo "This file will be shredded" > /tmp/victim-shred.txt
|
||||
|
||||
- name: Delete a single file
|
||||
- name: Delete a single file - Linux/macOS
|
||||
description: |
|
||||
Delete a single file from the temporary directory
|
||||
supported_platforms:
|
||||
- linux
|
||||
- macos
|
||||
input_arguments:
|
||||
file_to_delete:
|
||||
description: Path of file to delete
|
||||
type: Path
|
||||
default: /tmp/victim-files/a
|
||||
executor:
|
||||
name: sh
|
||||
command: |
|
||||
rm -f /tmp/victim-files/a
|
||||
rm -f #{file_to_delete}
|
||||
|
||||
- name: Delete an entire folder
|
||||
- name: Delete an entire folder - Linux/macOS
|
||||
description: |
|
||||
Recursively delete the temporary directory and all files contained within it
|
||||
supported_platforms:
|
||||
- linux
|
||||
- macos
|
||||
input_arguments:
|
||||
folder_to_delete:
|
||||
description: Path of folder to delete
|
||||
type: Path
|
||||
default: /tmp/victim-files
|
||||
executor:
|
||||
name: sh
|
||||
command: |
|
||||
rm -rf /tmp/victim-files
|
||||
rm -rf #{folder_to_delete}
|
||||
|
||||
- name: Overwrite and delete a file with shred
|
||||
description: |
|
||||
Use the `shred` command to overwrite the temporary file and then delete it
|
||||
supported_platforms:
|
||||
- linux
|
||||
input_arguments:
|
||||
file_to_shred:
|
||||
description: Path of file to shred
|
||||
type: Path
|
||||
default: /tmp/victim-shred.txt
|
||||
executor:
|
||||
name: sh
|
||||
command: |
|
||||
shred -u /tmp/victim-shred.txt
|
||||
shred -u #{file_to_shred}
|
||||
|
||||
- name: Victim configuration
|
||||
description: |
|
||||
Create a temporary directory and several files on the victim system for later deletion
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: command_prompt
|
||||
command: |
|
||||
mkdir %TEMP%\victim-files-cmd
|
||||
cd %TEMP%\victim-files-cmd
|
||||
type nul > a
|
||||
type nul > b
|
||||
type nul > c
|
||||
type nul > d
|
||||
type nul > e
|
||||
type nul > f
|
||||
type nul > g
|
||||
mkdir %TEMP%\victim-files-ps
|
||||
cd %TEMP%\victim-files-ps
|
||||
type nul > a
|
||||
type nul > b
|
||||
type nul > c
|
||||
type nul > d
|
||||
type nul > e
|
||||
type nul > f
|
||||
type nul > g
|
||||
|
||||
- name: Delete a single file - cmd
|
||||
- name: Delete a single file - Windows cmd
|
||||
description: |
|
||||
Delete a single file from the temporary directory using cmd.exe
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
file_to_delete:
|
||||
description: Path of file to delete
|
||||
type: Path
|
||||
default: C:\Windows\Temp\victim-files-cmd\a
|
||||
executor:
|
||||
name: command_prompt
|
||||
command: |
|
||||
del /f %TEMP%\victim-files-cmd\a
|
||||
del /f #{file_to_delete}
|
||||
|
||||
- name: Delete an entire folder - cmd
|
||||
- name: Delete an entire folder - Windows cmd
|
||||
description: |
|
||||
Recursively delete the temporary directory and all files contained within it using cmd.exe
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
folder_to_delete:
|
||||
description: Path of folder to delete
|
||||
type: Path
|
||||
default: C:\Windows\Temp\victim-files-cmd
|
||||
executor:
|
||||
name: command_prompt
|
||||
command: |
|
||||
del /f /S %TEMP%\victim-files-cmd
|
||||
del /f /S #{folder_to_delete}
|
||||
|
||||
- name: Delete a single file - ps
|
||||
- name: Delete a single file - Windows PowerShell
|
||||
description: |
|
||||
Delete a single file from the temporary directory using Powershell
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
file_to_delete:
|
||||
description: Path of file to delete
|
||||
type: Path
|
||||
default: C:\Windows\Temp\victim-files-ps\a
|
||||
executor:
|
||||
name: powershell
|
||||
command: |
|
||||
Remove-Item -path %TEMP%\victim-files-ps\a
|
||||
Remove-Item -path "#{file_to_delete}"
|
||||
|
||||
- name: Delete an entire folder - ps
|
||||
- name: Delete an entire folder - Windows PowerShell
|
||||
description: |
|
||||
Recursively delete the temporary directory and all files contained within it using Powershell
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
folder_to_delete:
|
||||
description: Path of folder to delete
|
||||
type: Path
|
||||
default: C:\Windows\Temp\victim-files-ps
|
||||
executor:
|
||||
name: powershell
|
||||
command: |
|
||||
Remove-Item -path %TEMP%\victim-files-ps -recurse
|
||||
Remove-Item -path "#{folder_to_delete}" -recurse
|
||||
|
||||
- name: Delete VSS - vssadmin
|
||||
description: |
|
||||
@@ -152,4 +149,4 @@ atomic_tests:
|
||||
executor:
|
||||
name: command_prompt
|
||||
command: |
|
||||
wbdadmin delete catalog -quiet
|
||||
wbadmin delete catalog -quiet
|
||||
|
||||
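Review bot: The `sh` and `command_prompt` executors substitute the new path arguments unquoted (`rm -f #{file_to_delete}`, `rm -rf #{folder_to_delete}`, `shred -u #{file_to_shred}`, `del /f #{file_to_delete}`, `del /f /S #{folder_to_delete}`), while the two PowerShell tests quote theirs. An overridden path containing a space would be split into several arguments, so the recursive delete could touch a directory the operator never named. Quoting the substitution and ending option parsing would make the tests safe to parameterise, e.g. `rm -rf -- "#{folder_to_delete}"` and `del /f "#{file_to_delete}"`. Separately, the Windows defaults moved from `%TEMP%\victim-files-*` to `C:\Windows\Temp\victim-files-*`, which is a different directory for an ordinary user account. The +51/-54 counts also suggest both "Victim configuration" setup tests were dropped; if so, nothing creates the default targets and the tests would delete nothing, leaving little file-deletion telemetry to validate detections against — worth confirming.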