security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1083/T1083.md
T
CircleCI Atomic Red Team doc generator 91e86258e6 Generate docs from job=validate_atomics_generate_docs branch=master
2019-10-24 17:09:43 +00:00

3.0 KiB
Raw Blame History

T1083 - File and Directory Discovery

Description from ATT&CK

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from [File and Directory Discovery](https://attack.mitre.org/techniques/T1083) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Windows

Example utilities used to obtain this information are dir and tree. (Citation: Windows Commands JPCERT) Custom tools may also be used to gather file and directory information and interact with the Windows API.

Mac and Linux

In Mac and Linux, this kind of discovery is accomplished with the ls, find, and locate commands.

Atomic Tests


Atomic Test #1 - File and Directory Discovery

Find or discover files on the file system

Supported Platforms: Windows

Run it with command_prompt!

dir /s c:\ >> %temp%\download
dir /s "c:\Documents and Settings" >> %temp%\download
dir /s "c:\Program Files\" >> %temp%\download
dir /s d:\ >> %temp%\download
dir "%systemdrive%\Users\*.*" >> %temp%\download
dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download
dir "%userprofile%\Desktop\*.*" >> %temp%\download
tree /F >> %temp%\download


Atomic Test #2 - File and Directory Discovery

Find or discover files on the file system

Supported Platforms: Windows

Run it with powershell!

ls -recurse
get-childitem -recurse
gci -recurse


Atomic Test #3 - Nix File and Diectory Discovery

Find or discover files on the file system

References:

http://osxdaily.com/2013/01/29/list-all-files-subdirectory-contents-recursively/

https://perishablepress.com/list-files-folders-recursively-terminal/

Supported Platforms: macOS, Linux

Run it with sh!

ls -a > allcontents.txt
ls -la /Library/Preferences/ > detailedprefsinfo.txt
file */* *>> ../files.txt
find . -type f
ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
locate *
which sh


Atomic Test #4 - Nix File and Directory Discovery

Find or discover files on the file system

Supported Platforms: macOS, Linux

Run it with sh!

cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
cat /etc/mtab > /tmp/loot.txt
find . -type f -iname *.pdf > /tmp/loot.txt
find . -type f -name ".*"

Reference in New Issue View Git Blame Copy Permalink