Merge branch 'master' into T1037.004-Linux-Atomic-Test

This commit is contained in:
Carl
2021-06-04 11:12:59 -06:00
committed by GitHub
-65
@@ -16,8 +16,6 @@ While adversaries typically require root privileges to create/modify service uni
- [Atomic Test #1 - Create Systemd Service](#atomic-test-1---create-systemd-service)
- [Atomic Test #2 - Create Systemd Service unit file, Enable the service , Modify and Reload the service.](#atomic-test-2---create-systemd-service-unit-file--enable-the-service--modify-and-reload-the-service)
<br/>
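Review bot: consistency check: dropping the Atomic Test #2 entry from the table of contents here only holds together if the section body is removed in the same change (the second hunk does that), otherwise the README would carry an unlisted test. Note also that the generated anchor `#atomic-test-2---create-systemd-service-unit-file--enable-the-service--modify-and-reload-the-service` contains doubled hyphens produced by the stray spaces before the commas in the heading ("Service , Modify"); if this test is re-added later, remove the space before each comma so the heading and its anchor stay stable.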
@@ -77,67 +75,4 @@ systemctl daemon-reload
<br/>
<br/>
## Atomic Test #2 - Create Systemd Service unit file, Enable the service , Modify and Reload the service.
This test creates a systemd service unit file and enables it to autostart on boot. Once service is created and enabled, it also modifies this same service file showcasing both Creation and Modification of system process.
**Supported Platforms:** Linux
#### Attack Commands: Run with `bash`! Elevation Required (e.g. root or admin)
```bash
cat > /etc/init.d/T1543.002 << EOF
#!/bin/bash
### BEGIN INIT INFO
# Provides : Atomic Test T1543.002
# Required-Start: $all
# Required-Stop :
# Default-Start: 2 3 4 5
# Default-Stop:
# Short Description: Atomic Test for Systemd Service Creation
### END INIT INFO
python3 -c "import os, base64;exec(base64.b64decode('aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBDcmVhdGluZyBTeXN0ZW1kIFNlcnZpY2UgVDE1NDMuMDAyID4gL3RtcC9UMTU0My4wMDIuc3lzdGVtZC5zZXJ2aWNlLmNyZWF0aW9uJykK'))"
EOF
chmod +x /etc/init.d/T1543.002
if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ]; then update-rc.d T1543.002 defaults; elif [ $(cat /etc/os-release | grep -i 'ID="centos"') ]; then chkconfig T1543.002 on ; else echo "Please run this test on Ubnutu , kali OR centos" ; fi ;
systemctl enable T1543.002
systemctl start T1543.002
echo "python3 -c \"import os, base64;exec(base64.b64decode('aW1wb3J0IG9zCm9zLnBvcGVuKCdlY2hvIGF0b21pYyB0ZXN0IGZvciBtb2RpZnlpbmcgYSBTeXN0ZW1kIFNlcnZpY2UgVDE1NDMuMDAyID4gL3RtcC9UMTU0My4wMDIuc3lzdGVtZC5zZXJ2aWNlLm1vZGlmaWNhdGlvbicpCg=='))\"" | sudo tee -a /etc/init.d/T1543.002
systemctl daemon-reload
systemctl restart T1543.002
```
#### Cleanup Commands:
```bash
systemctl stop T1543.002
systemctl disable T1543.002
rm -rf /etc/init.d/T1543.002
systemctl daemon-reload
```
#### Dependencies: Run with `bash`!
##### Description: System must be Ubuntu ,Kali OR CentOS.
##### Check Prereq Commands:
```bash
if [ $(cat /etc/os-release | grep -i ID=ubuntu) ] || [ $(cat /etc/os-release | grep -i ID=kali) ] || [ $(cat /etc/os-release | grep -i 'ID="centos"') ]; then exit /b 0; else exit /b 1; fi;
```
##### Get Prereq Commands:
```bash
echo Please run these atomic tests from Ubuntu ,Kali OR CentOS.
```
<br/>
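Review bot: several defects in the section being removed should be fixed rather than carried over if this test is reintroduced elsewhere. First, the prerequisite check uses Windows cmd syntax in a bash script: `then exit /b 0; else exit /b 1; fi;` makes bash report "numeric argument required" on both branches, so the prereq never cleanly returns 0; it should be `exit 0` / `exit 1`. Second, the `[ $(cat /etc/os-release | grep -i ID=ubuntu) ]` pattern relies on an unquoted command substitution inside `[ ]`; use `grep -qi '^ID=ubuntu' /etc/os-release` and test its exit status instead, which also removes the useless `cat`. Third, the heading and description say "systemd service unit file", but the attack commands write a SysV init script to `/etc/init.d/T1543.002` that systemd only picks up through its sysv generator, so the test does not exercise unit-file creation under `/etc/systemd/system` as documented; the LSB header key is also misspelled (`# Short Description:` should be `# Short-Description:`), there is a typo ("Ubnutu") in the fallback message, the `sudo tee -a` is redundant when the test already declares elevation required, and the cleanup's `rm -rf` on a single file should be a plain `rm -f`.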