security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1083/T1083.yaml
T
Carrie Roberts 1bfefdacfc Add elevated (#542) 
* provide elevation_required attribute

* provide elevation_required attribute

* provide elevation_required attribute
2019-09-03 07:34:42 -06:00

82 lines
2.0 KiB
YAML
Raw Blame History

---
attack_technique: T1083
display_name: File and Directory Discovery
atomic_tests:
- name: File and Directory Discovery
description: |
Find or discover files on the file system
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: false
command: |
dir /s c:\ >> %temp%\download
dir /s "c:\Documents and Settings" >> %temp%\download
dir /s "c:\Program Files\" >> %temp%\download
dir /s d:\ >> %temp%\download
dir "%systemdrive%\Users\*.*" >> %temp%\download
dir "%userprofile%\AppData\Roaming\Microsoft\Windows\Recent\*.*" >> %temp%\download
dir "%userprofile%\Desktop\*.*" >> %temp%\download
tree /F >> %temp%\download
- name: File and Directory Discovery
description: |
Find or discover files on the file system
supported_platforms:
- windows
executor:
name: powershell
elevation_required: false
command: |
ls -recurse
get-childitem -recurse
gci -recurse
- name: Nix File and Diectory Discovery
description: |
Find or discover files on the file system
References:
http://osxdaily.com/2013/01/29/list-all-files-subdirectory-contents-recursively/
https://perishablepress.com/list-files-folders-recursively-terminal/
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
ls -a > allcontents.txt
ls -la /Library/Preferences/ > detailedprefsinfo.txt
file */* *>> ../files.txt
find . -type f
ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
locate *
which sh
- name: Nix File and Directory Discovery
description: |
Find or discover files on the file system
supported_platforms:
- macos
- linux
executor:
name: sh
command: |
cd $HOME && find . -print | sed -e 's;[^/]*/;|__;g;s;__|; |;g' > /tmp/loot.txt
cat /etc/mtab > /tmp/loot.txt
find . -type f -iname *.pdf > /tmp/loot.txt
find . -type f -name ".*"
Reference in New Issue View Git Blame Copy Permalink