Kevin Stapleton
604f016a2c
* adding linux client test to T1069.002 AD tests
* changed prereq for packages
* temp removing prereq
* adding first prereq
* prereq fails
* trying elevated permissions
* alright, no prereq
* Revert "temp removing prereq"
This reverts commit 3bc8ef5fb22dc09fa1ca2ad5282cbdbaf55280de.
* should work now
* removing prereq entirely
* correct dependency_executor
* adding prereq check for all packages
* adding input arg for password
* changing command to autoinclude password
* back to original command, starting work on 1078
* back to original command, starting work on 1078
* putting echo on command for runner to see arguments supplied
* continuing work on 1078
* first attempt at T1078.002
* removed extraneous code
* temp remove cleanup
* removed flag on echo
* updated first comand
* updating input variable ref
* removing flag again
* updating ou
* attempting to change ou to cn
* new uid
* explictely defining dc
* more attempts
* changed uid
* removed first uid
* trying without num
* changing cn back to ou
* change case
* fixed dc
* removing second dc ref
* following IBM guide
* removed extraneous space
* space between userpassword
* reintroducing dc
* added echo
* trying something new
* updated echo
* adding back admin user input
* attempting default
* trying add to previous group
* revert back to just admin user
* missed #
* adding back -x
* making ou and cn match
* attempting to match search style
* removing space
* improved formatting
* simplified
* replacing authentication
* -D object
* reintroduced admin user
* fixed top level domain
* return to old
* holding breath
* setting user to just person type
* removing uid from front
* changing dc
* trying to update cn
* update cn
* changing to object form... again
* chat gpt wrote this
* added cleanup
* updating command
* removed space
* added space
* revert from object
* looking into issues with cleanup command being unable to find user (yet it already exists)
* changed ldapdelete to ldapmodify
* updating temporary user name
* fixing typo in cleanup command
* creating new yaml file for T1136, similar to T1078. Future plans to modify T1078.002 to either run a process or elevate a user
* first attempt at creating domain admin
* changing CN to Domain Admins
* improved formatting (getting error 32)
* changing ldif file echo
* ldapadd to ldapmodify
* adding domain admins domain if it doesn't exist
* redo formatting
* removing create domain admin group
* trying ldapadd again
* updating prereq commands, removing admin requirement from ldapsearchs
* adding linux client test to T1069.002 AD tests
* changed prereq for packages
* temp removing prereq
* adding first prereq
* prereq fails
* trying elevated permissions
* alright, no prereq
* Revert "temp removing prereq"
This reverts commit 3bc8ef5fb22dc09fa1ca2ad5282cbdbaf55280de.
* should work now
* removing prereq entirely
* correct dependency_executor
* adding prereq check for all packages
* adding input arg for password
* changing command to autoinclude password
* back to original command, starting work on 1078
* back to original command, starting work on 1078
* putting echo on command for runner to see arguments supplied
* continuing work on 1078
* first attempt at T1078.002
* removed extraneous code
* temp remove cleanup
* removed flag on echo
* updated first comand
* updating input variable ref
* removing flag again
* updating ou
* attempting to change ou to cn
* new uid
* explictely defining dc
* more attempts
* changed uid
* removed first uid
* trying without num
* changing cn back to ou
* change case
* fixed dc
* removing second dc ref
* following IBM guide
* removed extraneous space
* space between userpassword
* reintroducing dc
* added echo
* trying something new
* updated echo
* adding back admin user input
* attempting default
* trying add to previous group
* revert back to just admin user
* missed #
* adding back -x
* making ou and cn match
* attempting to match search style
* removing space
* improved formatting
* simplified
* replacing authentication
* -D object
* reintroduced admin user
* fixed top level domain
* return to old
* holding breath
* setting user to just person type
* removing uid from front
* changing dc
* trying to update cn
* update cn
* changing to object form... again
* chat gpt wrote this
* added cleanup
* updating command
* removed space
* added space
* revert from object
* looking into issues with cleanup command being unable to find user (yet it already exists)
* changed ldapdelete to ldapmodify
* updating temporary user name
* fixing typo in cleanup command
* creating new yaml file for T1136, similar to T1078. Future plans to modify T1078.002 to either run a process or elevate a user
* first attempt at creating domain admin
* changing CN to Domain Admins
* improved formatting (getting error 32)
* changing ldif file echo
* ldapadd to ldapmodify
* adding domain admins domain if it doesn't exist
* redo formatting
* removing create domain admin group
* trying ldapadd again
* updating prereq commands, removing admin requirement from ldapsearchs
* small changes to search parameters
* changed Domains search to search for Domain Users
* added objectClass=group flag
* separating flag from string
* removing T1078, to be done in future
* added {cleartext} to admin password
* restoring deleted file. My antivirus really hates this file...
* update for spec
* update to spec
* adding name to atomic test
* moved from deprecated -h -p flags to -H flag
* fix cleanup commands with same flag changes
* add ldap://
* removing unused input variable, domain controller
* final commit, all tests passed with -H, updating the desc of T1136.002/4
---------
Co-authored-by: Hare Sudhan <code@0x6c.dev>
Atomic Red Team
Atomic Red Team™ is a library of tests mapped to the MITRE ATT&CK® framework. Security teams can use Atomic Red Team to quickly, portably, and reproducibly test their environments.
Get started
You can execute atomic tests directly from the command line, no installation required. See the Getting started page of our wiki.
For a more robust testing experience, consider using an execution framework like Invoke-Atomic.
Learn more
The Atomic Red Team documentation is available as a wiki.
For information about the philosophy and development of Atomic Red Team, visit our website at https://atomicredteam.io.
Contribute to Atomic Red Team
Atomic Red Team is open source and community developed. If you're interested in becoming a contributor, check out these resources:
- Join our Slack workspace and get involved with the community. Don't forget to review the code of conduct before you join.
- Report bugs and request new features by submitting an issue.
- Read our contribution guide for more information about contributing directly to this repository.
- Check the license for information regarding the distribution and modification of Atomic Red Team.