Phil Hagen
fd399bb6ed
* fix nesting and remove empty entries * missed an indent correction --------- Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
53 lines
1.5 KiB
YAML
53 lines
1.5 KiB
YAML
attack_technique: T1571
|
|
display_name: Non-Standard Port
|
|
atomic_tests:
|
|
- name: Testing usage of uncommonly used port with PowerShell
|
|
auto_generated_guid: 21fe622f-8e53-4b31-ba83-6d333c2583f4
|
|
description: |
|
|
Testing uncommonly used port utilizing PowerShell. APT33 has been known to attempt telnet over port 8081. Upon execution, details about the successful
|
|
port check will be displayed.
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
port:
|
|
description: Specify uncommon port number
|
|
type: string
|
|
default: "8081"
|
|
domain:
|
|
description: Specify target hostname
|
|
type: string
|
|
default: google.com
|
|
executor:
|
|
command: |
|
|
Test-NetConnection -ComputerName #{domain} -port #{port}
|
|
name: powershell
|
|
- name: Testing usage of uncommonly used port
|
|
auto_generated_guid: 5db21e1d-dd9c-4a50-b885-b1e748912767
|
|
description: |
|
|
Testing uncommonly used port utilizing telnet.
|
|
supported_platforms:
|
|
- linux
|
|
- macos
|
|
input_arguments:
|
|
port:
|
|
description: Specify uncommon port number
|
|
type: string
|
|
default: "8081"
|
|
domain:
|
|
description: Specify target hostname
|
|
type: string
|
|
default: google.com
|
|
dependency_executor_name: sh
|
|
dependencies:
|
|
- description: |
|
|
Requires telnet
|
|
prereq_command: |
|
|
which telnet
|
|
get_prereq_command: |
|
|
echo "please install telnet to run this test"; exit 1
|
|
executor:
|
|
command: |
|
|
echo quit | telnet #{domain} #{port}
|
|
exit 0
|
|
name: sh
|