Hare Sudhan
7dfdc97d79
* FreeBSD Cleanup * cleanup * fix t1016 * reducing multiline if else to single line * fix t1037.003 * ignore T1003.007 * fix t1003.007 * more fixes
36 lines
1.4 KiB
YAML
36 lines
1.4 KiB
YAML
attack_technique: T1036.006
|
|
display_name: 'Masquerading: Space after Filename'
|
|
atomic_tests:
|
|
- name: Space After Filename (Manual)
|
|
auto_generated_guid: 89a7dd26-e510-4c9f-9b15-f3bae333360f
|
|
description: |
|
|
Space After Filename
|
|
supported_platforms:
|
|
- macos
|
|
executor:
|
|
steps: |
|
|
1. echo '#!/bin/bash\necho "print \"hello, world!\"" | /usr/bin/python\nexit' > execute.txt && chmod +x execute.txt
|
|
|
|
2. mv execute.txt "execute.txt "
|
|
|
|
3. ./execute.txt\
|
|
name: manual
|
|
- name: Space After Filename
|
|
auto_generated_guid: b95ce2eb-a093-4cd8-938d-5258cef656ea
|
|
description: |
|
|
Space after filename.
|
|
supported_platforms:
|
|
- macos
|
|
- linux
|
|
executor:
|
|
name: sh
|
|
command: |
|
|
mkdir -p /tmp/atomic-test-T1036.006
|
|
cd /tmp/atomic-test-T1036.006
|
|
mkdir -p 'testdirwithspaceend '
|
|
[ "$(uname)" = 'FreeBSD' ] && /bin/echo "#\!/bin/sh" > "testdirwithspaceend /init " && echo 'echo "print(\"running T1035.006 with space after filename to masquerade init\")" | python3.9' >> "testdirwithspaceend /init " && echo "exit" >> "testdirwithspaceend /init " || /usr/bin/echo -e "%d\na\n#!/usr/bin/perl\nprint \"running T1035.006 with space after filename to masquerade init\\n\";\nqx/cp \/usr\/bin\/perl 'init '/;\nqx/'.\/init ' -e 'sleep 5'/;\n.\nwq\n" | ed 'testdirwithspaceend /init ' >/dev/null
|
|
chmod +x 'testdirwithspaceend /init '
|
|
'./testdirwithspaceend /init '
|
|
cleanup_command:
|
|
rm -rf /tmp/atomic-test-T1036.006
|