From 00948b00589d9682edb9213728974f518eedf0d2 Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator
Date: Tue, 15 Sep 2020 14:53:29 +0000
Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=master

---
 atomics/Indexes/index.yaml     | 36 ++++++++++++++++++++++++++++------
 atomics/T1053.003/T1053.003.md |  9 +++++++++
 2 files changed, 39 insertions(+), 6 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index e122277470..e3358cee26 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -2091,7 +2091,10 @@ privilege-escalation:
         default: "/tmp/persistevil"
       executor:
         name: bash
-        command: 'echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
+        command: |
+          crontab -l > /tmp/notevil
+          echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
+        cleanup_command: 'crontab /tmp/notevil
 
 '
     - name: Cron - Add script to cron folder
@@ -2116,7 +2119,12 @@ privilege-escalation:
       executor:
         elevation_required: true
         name: bash
-        command: echo "#{command}" > /etc/cron.daily/#{cron_script_name}
+        command: 'echo "#{command}" > /etc/cron.daily/#{cron_script_name}
+
+'
+        cleanup_command: 'rm /etc/cron.daily/#{cron_script_name}
+
+'
   T1574.001:
     technique:
       created: '2020-03-13T18:11:08.357Z'
@@ -10652,7 +10660,10 @@ persistence:
         default: "/tmp/persistevil"
       executor:
         name: bash
-        command: 'echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
+        command: |
+          crontab -l > /tmp/notevil
+          echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
+        cleanup_command: 'crontab /tmp/notevil
 
 '
     - name: Cron - Add script to cron folder
@@ -10677,7 +10688,12 @@ persistence:
       executor:
         elevation_required: true
         name: bash
-        command: echo "#{command}" > /etc/cron.daily/#{cron_script_name}
+        command: 'echo "#{command}" > /etc/cron.daily/#{cron_script_name}
+
+'
+        cleanup_command: 'rm /etc/cron.daily/#{cron_script_name}
+
+'
   T1574.001:
     technique:
       created: '2020-03-13T18:11:08.357Z'
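Review bot: The new `command` block backs up the user's crontab to the fixed, world-writable path `/tmp/notevil`, and the new `cleanup_command: 'crontab /tmp/notevil'` reinstalls whatever that file holds without any check, so on a shared host another local user who pre-creates or symlinks that name can either redirect the `>` write or get their own cron entries installed for the test user during cleanup. Keep the backup somewhere only the test user can write and make the path explicit, e.g. `crontab -l > "$HOME/.crontab.atomic.bak" 2>/dev/null` in the command and `crontab "$HOME/.crontab.atomic.bak"` in the cleanup (or expose it as an input argument like `tmp_cron`). When the user had no crontab, `crontab -l` typically exits non-zero with empty stdout, so the backup is an empty file and cleanup installs an empty crontab instead of restoring "none"; `[ -s "$HOME/.crontab.atomic.bak" ] && crontab "$HOME/.crontab.atomic.bak" || crontab -r` would restore the prior state, and the cleanup should also remove the `#{tmp_cron}` file the command leaves behind. This index is generated from the atomic's source yaml (the enclosing test definition starts before the hunk), so the fix belongs in the T1053.003 atomic file rather than in this file.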
@@ -41898,7 +41914,10 @@ execution:
         default: "/tmp/persistevil"
       executor:
         name: bash
-        command: 'echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
+        command: |
+          crontab -l > /tmp/notevil
+          echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
+        cleanup_command: 'crontab /tmp/notevil
 
 '
     - name: Cron - Add script to cron folder
@@ -41923,7 +41942,12 @@ execution:
       executor:
         elevation_required: true
         name: bash
-        command: echo "#{command}" > /etc/cron.daily/#{cron_script_name}
+        command: 'echo "#{command}" > /etc/cron.daily/#{cron_script_name}
+
+'
+        cleanup_command: 'rm /etc/cron.daily/#{cron_script_name}
+
+'
   T1559.002:
     technique:
       created: '2020-02-12T14:10:50.699Z'
diff --git a/atomics/T1053.003/T1053.003.md b/atomics/T1053.003/T1053.003.md
index be4b626ab8..12d8bab519 100644
--- a/atomics/T1053.003/T1053.003.md
+++ b/atomics/T1053.003/T1053.003.md
@@ -32,9 +32,14 @@ This test replaces the current user's crontab file with the contents of the refe
 
 
 ```bash
+crontab -l > /tmp/notevil
 echo "* * * * * #{command}" > #{tmp_cron} && crontab #{tmp_cron}
 ```
 
+#### Cleanup Commands:
+```bash
+crontab /tmp/notevil
+```
 
 
 
@@ -65,6 +70,10 @@ This test adds a script to a cron folder configured to execute on a schedule. Th
 echo "#{command}" > /etc/cron.daily/#{cron_script_name}
 ```
 
+#### Cleanup Commands:
+```bash
+rm /etc/cron.daily/#{cron_script_name}
+```
 
 
 