Generated docs from job=generate-docs branch=master [ci skip]

README.md

@@ -2,7 +2,7 @@
 
 # Atomic Red Team
 
-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1629-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1630-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
 
 Atomic Red Team™ is a library of tests mapped to the
 [MITRE ATT&CK®](https://attack.mitre.org/) framework. Security teams can use

atomics/Indexes/Indexes-CSV/index.csv

@@ -1018,6 +1018,7 @@ execution,T1059.004,Command and Scripting Interpreter: Bash,13,Current kernel in
 execution,T1059.004,Command and Scripting Interpreter: Bash,14,Shell Creation using awk command,ee72b37d-b8f5-46a5-a9e7-0ff50035ffd5,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,15,Creating shell using cpan command,bcd4c2bc-490b-4f91-bd31-3709fe75bbdf,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,16,Shell Creation using busybox command,ab4d04af-68dc-4fee-9c16-6545265b3276,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,17,emacs spawning an interactive system shell,e0742e38-6efe-4dd4-ba5c-2078095b6156,sh
 execution,T1559,Inter-Process Communication,1,Cobalt Strike Artifact Kit pipe,bd13b9fc-b758-496a-b81a-397462f82c72,command_prompt
 execution,T1559,Inter-Process Communication,2,Cobalt Strike Lateral Movement (psexec_psh) pipe,830c8b6c-7a70-4f40-b975-8bbe74558acd,command_prompt
 execution,T1559,Inter-Process Communication,3,Cobalt Strike SSH (postex_ssh) pipe,d1f72fa0-5bc2-4b4b-bd1e-43b6e8cfb2e6,command_prompt

atomics/Indexes/Indexes-CSV/linux-index.csv

@@ -401,6 +401,7 @@ execution,T1059.004,Command and Scripting Interpreter: Bash,13,Current kernel in
 execution,T1059.004,Command and Scripting Interpreter: Bash,14,Shell Creation using awk command,ee72b37d-b8f5-46a5-a9e7-0ff50035ffd5,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,15,Creating shell using cpan command,bcd4c2bc-490b-4f91-bd31-3709fe75bbdf,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,16,Shell Creation using busybox command,ab4d04af-68dc-4fee-9c16-6545265b3276,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,17,emacs spawning an interactive system shell,e0742e38-6efe-4dd4-ba5c-2078095b6156,sh
 execution,T1059.006,Command and Scripting Interpreter: Python,1,Execute shell script via python's command mode arguement,3a95cdb2-c6ea-4761-b24e-02b71889b8bb,sh
 execution,T1059.006,Command and Scripting Interpreter: Python,2,Execute Python via scripts,6c4d1dcb-33c7-4c36-a8df-c6cfd0408be8,sh
 execution,T1059.006,Command and Scripting Interpreter: Python,3,Execute Python via Python executables,0b44d79b-570a-4b27-a31f-3bf2156e5eaa,sh

atomics/Indexes/Indexes-CSV/macos-index.csv

@@ -249,6 +249,7 @@ execution,T1059.004,Command and Scripting Interpreter: Bash,1,Create and Execute
 execution,T1059.004,Command and Scripting Interpreter: Bash,2,Command-Line Interface,d0c88567-803d-4dca-99b4-7ce65e7b257c,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,14,Shell Creation using awk command,ee72b37d-b8f5-46a5-a9e7-0ff50035ffd5,sh
 execution,T1059.004,Command and Scripting Interpreter: Bash,15,Creating shell using cpan command,bcd4c2bc-490b-4f91-bd31-3709fe75bbdf,sh
+execution,T1059.004,Command and Scripting Interpreter: Bash,17,emacs spawning an interactive system shell,e0742e38-6efe-4dd4-ba5c-2078095b6156,sh
 impact,T1531,Account Access Removal,4,Change User Password via passwd,3c717bf3-2ecc-4d79-8ac8-0bfbf08fbce6,sh
 impact,T1531,Account Access Removal,5,Delete User via dscl utility,4d938c43-2fe8-4d70-a5b3-5bf239aa7846,sh
 impact,T1531,Account Access Removal,6,Delete User via sysadminctl utility,d3812c4e-30ee-466a-a0aa-07e355b561d6,sh

atomics/Indexes/Indexes-Markdown/index.md

@@ -1353,6 +1353,7 @@
   - Atomic Test #14: Shell Creation using awk command [linux, macos]
   - Atomic Test #15: Creating shell using cpan command [linux, macos]
   - Atomic Test #16: Shell Creation using busybox command [linux]
+  - Atomic Test #17: emacs spawning an interactive system shell [linux, macos]
 - [T1559 Inter-Process Communication](../../T1559/T1559.md)
   - Atomic Test #1: Cobalt Strike Artifact Kit pipe [windows]
   - Atomic Test #2: Cobalt Strike Lateral Movement (psexec_psh) pipe [windows]

atomics/Indexes/Indexes-Markdown/linux-index.md

@@ -739,6 +739,7 @@
   - Atomic Test #14: Shell Creation using awk command [linux, macos]
   - Atomic Test #15: Creating shell using cpan command [linux, macos]
   - Atomic Test #16: Shell Creation using busybox command [linux]
+  - Atomic Test #17: emacs spawning an interactive system shell [linux, macos]
 - T1559 Inter-Process Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1203 Exploitation for Client Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - [T1059.006 Command and Scripting Interpreter: Python](../../T1059.006/T1059.006.md)

atomics/Indexes/Indexes-Markdown/macos-index.md

@@ -598,6 +598,7 @@
   - Atomic Test #2: Command-Line Interface [linux, macos]
   - Atomic Test #14: Shell Creation using awk command [linux, macos]
   - Atomic Test #15: Creating shell using cpan command [linux, macos]
+  - Atomic Test #17: emacs spawning an interactive system shell [linux, macos]
 - T1559 Inter-Process Communication [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1203 Exploitation for Client Execution [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1059.006 Command and Scripting Interpreter: Python [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)

atomics/Indexes/index.yaml

@@ -54994,6 +54994,32 @@ execution:
         cleanup_command: 
         name: sh
         elevation_required: false
+    - name: emacs spawning an interactive system shell
+      auto_generated_guid: e0742e38-6efe-4dd4-ba5c-2078095b6156
+      description: "emacs can be used to break out from restricted environments by
+        spawning an interactive system shell. Ref: https://gtfobins.github.io/gtfobins/emacs/
+        \ \n"
+      supported_platforms:
+      - linux
+      - macos
+      dependency_executor_name: bash
+      dependencies:
+      - description: 'Check if emacs is installed on the machine.
+
+          '
+        prereq_command: 'if [ -x "$(command -v emacs)" ]; then echo "emacs is installed";
+          else echo "emacs is NOT installed"; exit 1; fi
+
+          '
+        get_prereq_command: 'which apt && apt update && apt install -y emacs || which
+          pkg && pkg update && pkg install -y emacs || which brew && brew update &&
+          brew install --quiet emacs
+
+          '
+      executor:
+        command: sudo emacs -Q -nw --eval '(term "/bin/sh &")'
+        name: sh
+        elevation_required: true
   T1559:
     technique:
       x_mitre_platforms:

atomics/Indexes/linux-index.yaml

@@ -31652,6 +31652,32 @@ execution:
         cleanup_command: 
         name: sh
         elevation_required: false
+    - name: emacs spawning an interactive system shell
+      auto_generated_guid: e0742e38-6efe-4dd4-ba5c-2078095b6156
+      description: "emacs can be used to break out from restricted environments by
+        spawning an interactive system shell. Ref: https://gtfobins.github.io/gtfobins/emacs/
+        \ \n"
+      supported_platforms:
+      - linux
+      - macos
+      dependency_executor_name: bash
+      dependencies:
+      - description: 'Check if emacs is installed on the machine.
+
+          '
+        prereq_command: 'if [ -x "$(command -v emacs)" ]; then echo "emacs is installed";
+          else echo "emacs is NOT installed"; exit 1; fi
+
+          '
+        get_prereq_command: 'which apt && apt update && apt install -y emacs || which
+          pkg && pkg update && pkg install -y emacs || which brew && brew update &&
+          brew install --quiet emacs
+
+          '
+      executor:
+        command: sudo emacs -Q -nw --eval '(term "/bin/sh &")'
+        name: sh
+        elevation_required: true
   T1559:
     technique:
       x_mitre_platforms:

atomics/Indexes/macos-index.yaml

@@ -29408,6 +29408,32 @@ execution:
         command: echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1  cpan
         name: sh
         elevation_required: false
+    - name: emacs spawning an interactive system shell
+      auto_generated_guid: e0742e38-6efe-4dd4-ba5c-2078095b6156
+      description: "emacs can be used to break out from restricted environments by
+        spawning an interactive system shell. Ref: https://gtfobins.github.io/gtfobins/emacs/
+        \ \n"
+      supported_platforms:
+      - linux
+      - macos
+      dependency_executor_name: bash
+      dependencies:
+      - description: 'Check if emacs is installed on the machine.
+
+          '
+        prereq_command: 'if [ -x "$(command -v emacs)" ]; then echo "emacs is installed";
+          else echo "emacs is NOT installed"; exit 1; fi
+
+          '
+        get_prereq_command: 'which apt && apt update && apt install -y emacs || which
+          pkg && pkg update && pkg install -y emacs || which brew && brew update &&
+          brew install --quiet emacs
+
+          '
+      executor:
+        command: sudo emacs -Q -nw --eval '(term "/bin/sh &")'
+        name: sh
+        elevation_required: true
   T1559:
     technique:
       x_mitre_platforms:

atomics/T1059.004/T1059.004.md

@@ -40,6 +40,8 @@ Adversaries may abuse Unix shells to execute various commands or payloads. Inter
 
 - [Atomic Test #16 - Shell Creation using busybox command](#atomic-test-16---shell-creation-using-busybox-command)
 
+- [Atomic Test #17 - emacs spawning an interactive system shell](#atomic-test-17---emacs-spawning-an-interactive-system-shell)
+
 
 <br/>
 
@@ -617,4 +619,44 @@ busybox sh &
 
 
 
+<br/>
+<br/>
+
+## Atomic Test #17 - emacs spawning an interactive system shell
+emacs can be used to break out from restricted environments by spawning an interactive system shell. Ref: https://gtfobins.github.io/gtfobins/emacs/
+
+**Supported Platforms:** Linux, macOS
+
+
+**auto_generated_guid:** e0742e38-6efe-4dd4-ba5c-2078095b6156
+
+
+
+
+
+
+#### Attack Commands: Run with `sh`!  Elevation Required (e.g. root or admin) 
+
+
+```sh
+sudo emacs -Q -nw --eval '(term "/bin/sh &")'
+```
+
+
+
+
+#### Dependencies:  Run with `bash`!
+##### Description: Check if emacs is installed on the machine.
+##### Check Prereq Commands:
+```bash
+if [ -x "$(command -v emacs)" ]; then echo "emacs is installed"; else echo "emacs is NOT installed"; exit 1; fi
+```
+##### Get Prereq Commands:
+```bash
+which apt && apt update && apt install -y emacs || which pkg && pkg update && pkg install -y emacs || which brew && brew update && brew install --quiet emacs
+```
+
+
+
+
 <br/>

atomics/T1059.004/T1059.004.yaml

@@ -279,6 +279,7 @@ atomic_tests:
     name: sh
     elevation_required: false  
 - name: emacs spawning an interactive system shell
+  auto_generated_guid: e0742e38-6efe-4dd4-ba5c-2078095b6156
   description: |
     emacs can be used to break out from restricted environments by spawning an interactive system shell. Ref: https://gtfobins.github.io/gtfobins/emacs/  
   supported_platforms:

atomics/used_guids.txt

@@ -1668,3 +1668,4 @@ fdd45306-74f6-4ade-9a97-0a4895961228
 2db7852e-5a32-4ec7-937f-f4e027881700
 5510d22f-2595-4911-8456-4d630c978616
 70e13ef4-5a74-47e4-9d16-760b41b0e2db
+e0742e38-6efe-4dd4-ba5c-2078095b6156