added prereq to test #2 (#1185)

* added prereq to test #2 * Update T1071.001.yaml remove test "z" Co-authored-by: Carrie Roberts <[email protected]>
redcanaryco · Aug 7, 2020 · cd1c015 · cd1c015
1 parent 54c0e74
commit cd1c015
Showing 1 changed file with 22 additions and 4 deletions.
diff --git a/atomics/T1071.001/T1071.001.yaml b/atomics/T1071.001/T1071.001.yaml
@@ -22,6 +22,7 @@ atomic_tests:
       Invoke-WebRequest #{domain} -UserAgent "Opera/8.81 (Windows NT 6.0; U; en)" | out-null
       Invoke-WebRequest #{domain} -UserAgent "*<|>*" | out-null
     name: powershell
+
 - name: Malicious User Agents - CMD
   auto_generated_guid: dc3488b0-08c7-4fea-b585-905c83b48180
   description: |
@@ -36,13 +37,30 @@ atomic_tests:
       description: Default domain to simulate against
       type: string
       default: www.google.com
+    curl_path:
+      description: path to curl.exe
+      type: path
+      default: C:\Windows\System32\Curl.exe
+  dependency_executor_name: powershell 
+  dependencies: 
+    - description: |
+        Curl must be installed on system 
+      prereq_command: |
+        if (Test-Path #{curl_path}) {exit 0} else {exit 1}
+      get_prereq_command: |
+        Invoke-WebRequest "https://curl.haxx.se/windows/dl-7.71.1/curl-7.71.1-win32-mingw.zip" -Outfile $env:temp\curl.zip
+        Expand-Archive -Path $env:temp\curl.zip -DestinationPath $env:temp\curl
+        Copy-Item $env:temp\curl\curl-7.71.1-win32-mingw\bin\curl.exe #{curl_path}
+        Remove-Item $env:temp\curl
+        Remove-Item $env:temp\curl.zip
   executor:
     command: |
-      curl -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
-      curl -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
-      curl -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
-      curl -s -A "*<|>*" -m3 #{domain} >nul 2>&1
+      #{curl_path} -s -A "HttpBrowser/1.0" -m3 #{domain} >nul 2>&1
+      #{curl_path} -s -A "Wget/1.9+cvs-stable (Red Hat modified)" -m3 #{domain} >nul 2>&1
+      #{curl_path} -s -A "Opera/8.81 (Windows NT 6.0; U; en)" -m3 #{domain} >nul 2>&1
+      #{curl_path} -s -A "*<|>*" -m3 #{domain} >nul 2>&1
     name: command_prompt
+
 - name: Malicious User Agents - Nix
   auto_generated_guid: 2d7c471a-e887-4b78-b0dc-b0df1f2e0658
   description: |