From e7350762117617eedc78666b0272f3fa027598ff Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Wed, 9 Oct 2024 16:03:51 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 13 ++++++------- atomics/Indexes/linux-index.yaml | 13 ++++++------- atomics/T1562.003/T1562.003.md | 4 ---- 3 files changed, 12 insertions(+), 18 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index cef27331..cfa5aaf1 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -19848,13 +19848,12 @@ defense-evasion: elevation_required: false command: "if ((${#HISTIGNORE[@]})); then echo \"\\$HISTIGNORE = $HISTIGNORE\"; else export HISTIGNORE='ls*:rm*:ssh*'; echo \"\\$HISTIGNORE = $HISTIGNORE\"; - fi\n# -> $HISTIGNORE = ls*:rm*:ssh*\nhistory -c \nls -la $HISTFILE\nls -la - ~/.bash_logout\nif [ $(history |wc -l) -eq 1 ]; then echo \"ls commands - are not in history\"; fi\n# -> ls commands are not in history\nunset HISTIGNORE\n\nif - ((${#HISTIGNORE[@]})); then echo \"\\$HISTIGNORE = $HISTIGNORE\"; else export - HISTIGNORE='*'; echo \"\\$HISTIGNORE = $HISTIGNORE\"; fi\n# -> $HISTIGNORE - = *\nhistory -c \nwhoami\ngroups\nif [ $(history |wc -l) -eq 0 ]; then echo - \"History cache is empty\"; fi\n# -> History cache is empty\n" + fi\nhistory -c \nls -la $HISTFILE\nls -la ~/.bash_logout\nif [ $(history + |wc -l) -eq 1 ]; then echo \"ls commands are not in history\"; fi\nunset + HISTIGNORE\n\nif ((${#HISTIGNORE[@]})); then echo \"\\$HISTIGNORE = $HISTIGNORE\"; + else export HISTIGNORE='*'; echo \"\\$HISTIGNORE = $HISTIGNORE\"; fi\nhistory + -c \nwhoami\ngroups\nif [ $(history |wc -l) -eq 0 ]; then echo \"History + cache is empty\"; fi\n" cleanup_command: 'unset HISTIGNORE ' diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml index 8c55d6a9..b7acc0e4 100644 --- a/atomics/Indexes/linux-index.yaml +++ b/atomics/Indexes/linux-index.yaml @@ -11417,13 +11417,12 @@ defense-evasion: elevation_required: false command: "if ((${#HISTIGNORE[@]})); then echo \"\\$HISTIGNORE = $HISTIGNORE\"; else export HISTIGNORE='ls*:rm*:ssh*'; echo \"\\$HISTIGNORE = $HISTIGNORE\"; - fi\n# -> $HISTIGNORE = ls*:rm*:ssh*\nhistory -c \nls -la $HISTFILE\nls -la - ~/.bash_logout\nif [ $(history |wc -l) -eq 1 ]; then echo \"ls commands - are not in history\"; fi\n# -> ls commands are not in history\nunset HISTIGNORE\n\nif - ((${#HISTIGNORE[@]})); then echo \"\\$HISTIGNORE = $HISTIGNORE\"; else export - HISTIGNORE='*'; echo \"\\$HISTIGNORE = $HISTIGNORE\"; fi\n# -> $HISTIGNORE - = *\nhistory -c \nwhoami\ngroups\nif [ $(history |wc -l) -eq 0 ]; then echo - \"History cache is empty\"; fi\n# -> History cache is empty\n" + fi\nhistory -c \nls -la $HISTFILE\nls -la ~/.bash_logout\nif [ $(history + |wc -l) -eq 1 ]; then echo \"ls commands are not in history\"; fi\nunset + HISTIGNORE\n\nif ((${#HISTIGNORE[@]})); then echo \"\\$HISTIGNORE = $HISTIGNORE\"; + else export HISTIGNORE='*'; echo \"\\$HISTIGNORE = $HISTIGNORE\"; fi\nhistory + -c \nwhoami\ngroups\nif [ $(history |wc -l) -eq 0 ]; then echo \"History + cache is empty\"; fi\n" cleanup_command: 'unset HISTIGNORE ' diff --git a/atomics/T1562.003/T1562.003.md b/atomics/T1562.003/T1562.003.md index 0ceca78e..15531b20 100644 --- a/atomics/T1562.003/T1562.003.md +++ b/atomics/T1562.003/T1562.003.md @@ -393,21 +393,17 @@ In this test we 1. set HISTIGNORE to ignore ls, rm and ssh commands 2. clear thi ```bash if ((${#HISTIGNORE[@]})); then echo "\$HISTIGNORE = $HISTIGNORE"; else export HISTIGNORE='ls*:rm*:ssh*'; echo "\$HISTIGNORE = $HISTIGNORE"; fi -# -> $HISTIGNORE = ls*:rm*:ssh* history -c ls -la $HISTFILE ls -la ~/.bash_logout if [ $(history |wc -l) -eq 1 ]; then echo "ls commands are not in history"; fi -# -> ls commands are not in history unset HISTIGNORE if ((${#HISTIGNORE[@]})); then echo "\$HISTIGNORE = $HISTIGNORE"; else export HISTIGNORE='*'; echo "\$HISTIGNORE = $HISTIGNORE"; fi -# -> $HISTIGNORE = * history -c whoami groups if [ $(history |wc -l) -eq 0 ]; then echo "History cache is empty"; fi -# -> History cache is empty ``` #### Cleanup Commands: