Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
101 lines
2.8 KiB
YAML
101 lines
2.8 KiB
YAML
---
|
|
attack_technique: T1136
|
|
display_name: Create Account
|
|
|
|
atomic_tests:
|
|
- name: Create a user account on a Linux system
|
|
description: |
|
|
Create a user via useradd
|
|
supported_platforms:
|
|
- linux
|
|
input_arguments:
|
|
username:
|
|
description: Username of the user to create
|
|
type: String
|
|
default: evil_user
|
|
comment:
|
|
description: Comment to record when creating the user
|
|
type: String
|
|
default: Evil Account
|
|
executor:
|
|
name: bash
|
|
command: |
|
|
useradd -M -N -r -s /bin/bash -c "#{comment}" #{username}
|
|
|
|
- name: Create a user account on a MacOS system
|
|
description: |
|
|
Creates a user on a MacOS system with dscl
|
|
supported_platforms:
|
|
- macos
|
|
input_arguments:
|
|
username:
|
|
description: Username of the user to create
|
|
type: String
|
|
default: evil_user
|
|
realname:
|
|
description: "'realname' to record when creating the user"
|
|
type: String
|
|
default: Evil Account
|
|
executor:
|
|
name: bash
|
|
command: |
|
|
dscl . -create /Users/#{username}
|
|
dscl . -create /Users/#{username} UserShell /bin/bash
|
|
dscl . -create /Users/#{username} RealName "#{realname}"
|
|
dscl . -create /Users/#{username} UniqueID "1010"
|
|
dscl . -create /Users/#{username} PrimaryGroupID 80
|
|
dscl . -create /Users/#{username} NFSHomeDirectory /Users/#{username}
|
|
|
|
- name: Create a new user in a command prompt
|
|
description: |
|
|
Creates a new user in a command prompt
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
username:
|
|
description: Username of the user to create
|
|
type: String
|
|
default: Evil Account
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: true
|
|
command: |
|
|
net user /add #{username}
|
|
|
|
- name: Create a new user in PowerShell
|
|
description: |
|
|
Creates a new user in PowerShell
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
username:
|
|
description: Username of the user to create
|
|
type: String
|
|
default: Evil Account
|
|
executor:
|
|
name: powershell
|
|
elevation_required: true
|
|
command: |
|
|
New-LocalUser -Name #{username} -NoPassword
|
|
net user /add #{username}
|
|
|
|
|
|
- name: Create a new user in Linux with `root` UID and GID.
|
|
description: |
|
|
Creates a new user in Linux and adds the user to the `root` group. This technique was used by adversaries during the Butter attack campaign.
|
|
supported_platforms:
|
|
- linux
|
|
input_arguments:
|
|
username:
|
|
description: Username of the user to create
|
|
type: String
|
|
default: butter
|
|
password:
|
|
description: Password of the user to create
|
|
type: String
|
|
default: BetterWithButter
|
|
executor:
|
|
name: bash
|
|
command: |
|
|
useradd -o -u 0 -g 0 -M -d /root -s /bin/bash #{username}
|
|
echo "#{password}" | passwd --stdin #{username} |