From e5d8aec83ef461b7a5adb508137251b9beb4ef0b Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Wed, 5 Feb 2025 18:52:21 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 75 ++++++++++++++++++++---------- atomics/Indexes/windows-index.yaml | 75 ++++++++++++++++++++---------- atomics/T1046/T1046.md | 71 +++++++++++++++++++--------- 3 files changed, 150 insertions(+), 71 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 3080f1f2..93d1ee5f 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -109202,7 +109202,9 @@ discovery: input_arguments: ip_address: description: IP-Address within the target subnet. Default is empty and script - tries to determine local IP address of attacking machine. + tries to determine local IP address of attacking machine. A comma separated + list of targe IPs is also accepted (useful to simulate a wider scan while + only scanning key host e.g., honeypots) type: string default: '' port_list: 
@@ -109214,33 +109216,58 @@ discovery: type: string default: '200' executor: - command: | + command: |- $ipAddr = "#{ip_address}" - if ($ipAddr -eq "") { - # Assumes the "primary" interface is shown at the top - $interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1 - Write-Host "[i] Using Interface $interface" - $ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress - } - Write-Host "[i] Base IP-Address for Subnet: $ipAddr" - $subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1) - # Always assumes /24 subnet - Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'" + if ($ipAddr -like "*,*") { + $ip_list = $ipAddr -split "," + $ip_list = $ip_list.ForEach({ $_.Trim() }) + Write-Host "[i] IP Address List: $ip_list" - $ports = #{port_list} - $subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" } + $ports = #{port_list} - foreach ($ip in $subnetIPs) { - foreach ($port in $ports) { - try { - $tcp = New-Object Net.Sockets.TcpClient - $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null - } catch {} - if ($tcp.Connected) { - $tcp.Close() - Write-Host "Port $port is open on $ip" - } + foreach ($ip in $ip_list) { + foreach ($port in $ports) { + Write-Host "[i] Establishing connection to: $ip : $port" + try { + $tcp = New-Object Net.Sockets.TcpClient + $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null + } catch {} + if ($tcp.Connected) { + $tcp.Close() + Write-Host "Port $port is open on $ip" + } + } } + } elseif ($ipAddr -notlike "*,*") { + if ($ipAddr -eq "") { + # Assumes the "primary" interface is shown at the top + $interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1 + Write-Host "[i] Using Interface $interface" + $ipAddr = Get-NetIPAddress -AddressFamily IPv4 
-InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress + } + Write-Host "[i] Base IP-Address for Subnet: $ipAddr" + $subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1) + # Always assumes /24 subnet + Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'" + + $ports = #{port_list} + $subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" } + + foreach ($ip in $subnetIPs) { + foreach ($port in $ports) { + try { + $tcp = New-Object Net.Sockets.TcpClient + $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null + } catch {} + if ($tcp.Connected) { + $tcp.Close() + Write-Host "Port $port is open on $ip" + } + } + } + } else { + Write-Host "[Error] Invalid Inputs" + exit 1 } name: powershell - name: Remote Desktop Services Discovery via PowerShell diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml index 737e3473..3dc0c40f 100644 --- a/atomics/Indexes/windows-index.yaml +++ b/atomics/Indexes/windows-index.yaml @@ -89192,7 +89192,9 @@ discovery: input_arguments: ip_address: description: IP-Address within the target subnet. Default is empty and script - tries to determine local IP address of attacking machine. + tries to determine local IP address of attacking machine. A comma separated + list of targe IPs is also accepted (useful to simulate a wider scan while + only scanning key host e.g., honeypots) type: string default: '' port_list: 
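Review bot: The final `else` branch (`Write-Host "[Error] Invalid Inputs"` / `exit 1`) is unreachable, because `elseif ($ipAddr -notlike "*,*")` is the exact complement of the preceding `if ($ipAddr -like "*,*")`, so no value of `ip_address` is ever rejected. A list with a trailing comma, such as `10.0.0.1,` (constructed example), produces an empty entry that is passed to `ConnectAsync`, where the empty `catch {}` would hide any failure. Consider a plain `else` for the subnet path and a per-entry check in the list path, e.g. `if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$null)) { Write-Host "[Error] Invalid Inputs"; exit 1 }`. In both loops `$tcp.Close()` runs only when the connection succeeded, so every timed-out attempt leaves a TcpClient undisposed; closing it unconditionally after the `Connected` check would fix that. The same script is repeated in the windows-index.yaml and T1046.md hunks, and since these files are generated the fix belongs in the atomic's source definition.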
@@ -89204,33 +89206,58 @@ discovery: type: string default: '200' executor: - command: | + command: |- $ipAddr = "#{ip_address}" - if ($ipAddr -eq "") { - # Assumes the "primary" interface is shown at the top - $interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1 - Write-Host "[i] Using Interface $interface" - $ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress - } - Write-Host "[i] Base IP-Address for Subnet: $ipAddr" - $subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1) - # Always assumes /24 subnet - Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'" + if ($ipAddr -like "*,*") { + $ip_list = $ipAddr -split "," + $ip_list = $ip_list.ForEach({ $_.Trim() }) + Write-Host "[i] IP Address List: $ip_list" - $ports = #{port_list} - $subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" } + $ports = #{port_list} - foreach ($ip in $subnetIPs) { - foreach ($port in $ports) { - try { - $tcp = New-Object Net.Sockets.TcpClient - $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null - } catch {} - if ($tcp.Connected) { - $tcp.Close() - Write-Host "Port $port is open on $ip" - } + foreach ($ip in $ip_list) { + foreach ($port in $ports) { + Write-Host "[i] Establishing connection to: $ip : $port" + try { + $tcp = New-Object Net.Sockets.TcpClient + $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null + } catch {} + if ($tcp.Connected) { + $tcp.Close() + Write-Host "Port $port is open on $ip" + } + } } + } elseif ($ipAddr -notlike "*,*") { + if ($ipAddr -eq "") { + # Assumes the "primary" interface is shown at the top + $interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1 + Write-Host "[i] Using Interface $interface" + $ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias 
$interface | Select-Object -ExpandProperty IPAddress + } + Write-Host "[i] Base IP-Address for Subnet: $ipAddr" + $subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1) + # Always assumes /24 subnet + Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'" + + $ports = #{port_list} + $subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" } + + foreach ($ip in $subnetIPs) { + foreach ($port in $ports) { + try { + $tcp = New-Object Net.Sockets.TcpClient + $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null + } catch {} + if ($tcp.Connected) { + $tcp.Close() + Write-Host "Port $port is open on $ip" + } + } + } + } else { + Write-Host "[Error] Invalid Inputs" + exit 1 } name: powershell - name: Remote Desktop Services Discovery via PowerShell diff --git a/atomics/T1046/T1046.md b/atomics/T1046/T1046.md index c00b705e..053624a0 100644 --- a/atomics/T1046/T1046.md +++ b/atomics/T1046/T1046.md @@ -420,7 +420,7 @@ The connection attempts to use a timeout parameter in milliseconds to speed up t #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| ip_address | IP-Address within the target subnet. Default is empty and script tries to determine local IP address of attacking machine. | string | | +| ip_address | IP-Address within the target subnet. Default is empty and script tries to determine local IP address of attacking machine. A comma separated list of targe IPs is also accepted (useful to simulate a wider scan while only scanning key host e.g., honeypots) | string | | | port_list | Comma separated list of ports to scan | string | 445, 3389| | timeout_ms | Connection timeout in milliseconds | string | 200| 
@@ -430,31 +430,56 @@ The connection attempts to use a timeout parameter in milliseconds to speed up t ```powershell $ipAddr = "#{ip_address}" -if ($ipAddr -eq "") { - # Assumes the "primary" interface is shown at the top - $interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1 - Write-Host "[i] Using Interface $interface" - $ipAddr = Get-NetIPAddress -AddressFamily IPv4 -InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress -} -Write-Host "[i] Base IP-Address for Subnet: $ipAddr" -$subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1) -# Always assumes /24 subnet -Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'" +if ($ipAddr -like "*,*") { + $ip_list = $ipAddr -split "," + $ip_list = $ip_list.ForEach({ $_.Trim() }) + Write-Host "[i] IP Address List: $ip_list" -$ports = #{port_list} -$subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" } + $ports = #{port_list} -foreach ($ip in $subnetIPs) { - foreach ($port in $ports) { - try { - $tcp = New-Object Net.Sockets.TcpClient - $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null - } catch {} - if ($tcp.Connected) { - $tcp.Close() - Write-Host "Port $port is open on $ip" - } + foreach ($ip in $ip_list) { + foreach ($port in $ports) { + Write-Host "[i] Establishing connection to: $ip : $port" + try { + $tcp = New-Object Net.Sockets.TcpClient + $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null + } catch {} + if ($tcp.Connected) { + $tcp.Close() + Write-Host "Port $port is open on $ip" + } + } } +} elseif ($ipAddr -notlike "*,*") { + if ($ipAddr -eq "") { + # Assumes the "primary" interface is shown at the top + $interface = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected | Select-Object -ExpandProperty InterfaceAlias -First 1 + Write-Host "[i] Using Interface $interface" + $ipAddr = Get-NetIPAddress -AddressFamily IPv4 
-InterfaceAlias $interface | Select-Object -ExpandProperty IPAddress + } + Write-Host "[i] Base IP-Address for Subnet: $ipAddr" + $subnetSubstring = $ipAddr.Substring(0, $ipAddr.LastIndexOf('.') + 1) + # Always assumes /24 subnet + Write-Host "[i] Assuming /24 subnet. scanning $subnetSubstring'1' to $subnetSubstring'254'" + + $ports = #{port_list} + $subnetIPs = 1..254 | ForEach-Object { "$subnetSubstring$_" } + + foreach ($ip in $subnetIPs) { + foreach ($port in $ports) { + try { + $tcp = New-Object Net.Sockets.TcpClient + $tcp.ConnectAsync($ip, $port).Wait(#{timeout_ms}) | Out-Null + } catch {} + if ($tcp.Connected) { + $tcp.Close() + Write-Host "Port $port is open on $ip" + } + } + } +} else { + Write-Host "[Error] Invalid Inputs" + exit 1 } ```