security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1145/T1145.yaml
T
Carrie Roberts 1bfefdacfc Add elevated (#542) 
* provide elevation_required attribute

* provide elevation_required attribute

* provide elevation_required attribute
2019-09-03 07:34:42 -06:00

73 lines
2.0 KiB
YAML
Raw Blame History

---
attack_technique: T1145
display_name: Private Keys
atomic_tests:
- name: Private Keys
description: |
Find private keys on the Windows file system.
File extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, pfx, .cer, .p7b, .asc
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: |
echo "ATOMICREDTEAM" > %windir%\cert.key
dir c:\ /b /s .key | findstr /e .key
- name: Discover Private SSH Keys
description: |
Discover private SSH keys on a macOS or Linux system.
supported_platforms:
- macos
- linux
input_arguments:
output_file:
description: Output file containing locations of SSH key files
type: path
default: /tmp/keyfile_locations.txt
executor:
name: sh
command: |
find / -name id_rsa >> #{output_file}
find / -name id_dsa >> #{output_file}
- name: Copy Private SSH Keys with CP
description: |
Copy private SSH keys on a Linux system to a staging folder using the `cp` command.
supported_platforms:
- linux
input_arguments:
output_folder:
description: Output folder containing copies of SSH private key files
type: path
default: /tmp/art-staging
executor:
name: sh
command: |
mkdir #{output_folder}
find / -name id_rsa -exec cp --parents {} #{output_folder} \;
find / -name id_dsa -exec cp --parents {} #{output_folder} \;
- name: Copy Private SSH Keys with rsync
description: |
Copy private SSH keys on a Linux or macOS system to a staging folder using the `rsync` command.
supported_platforms:
- macos
- linux
input_arguments:
output_folder:
description: Output folder containing copies of SSH private key files
type: path
default: /tmp/art-staging
executor:
name: sh
command: |
mkdir #{output_folder}
find / -name id_rsa -exec rsync -R {} #{output_folder} \;
find / -name id_dsa -exec rsync -R {} #{output_folder} \;
Reference in New Issue View Git Blame Copy Permalink