mitre / atomic
A CALDERA plugin
Home Page: https://caldera.mitre.org/
License: Apache License 2.0
Hello,
I am using the stable version 2.7.0 of caldera and when I try to enable the atomic plugin, I receive the following error on the console:
ERROR (c_plugin.py:71 enable) Error enabling plugin=atomic, 'NoneType' object is not iterable
I hope this helps you somehow to make caldera and its plugins even better.
Describe the bug
Ability T1003.007 can't be executed correctly because of missing dependencies like the ones below, which were lost when the raw Red Canary scripts were converted to Caldera scripts:
Do you guys have a plan to fix that? I found 134 abilities with the same problem.
dependencies:
  - description: |
      Script to launch target process must exist
    prereq_command: |
      test -f #{script_path}
      grep "#{pid_term}" #{script_path}
    get_prereq_command: |
      echo '#!/bin/sh' > #{script_path}
      echo "sh -c 'echo "The password is #{pid_term}" && sleep 30' &" >> #{script_path}
  - description: |
      Requires Python
    prereq_command: |
      (which python || which python3 || which python2)
    get_prereq_command: |
      echo "Python 2.7+ or 3.4+ must be installed"
To Reproduce
none
Expected behavior
none
Screenshots
Desktop (please complete the following information):
all
Additional context
none
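To show what the dependency block above is supposed to do at run time, here is an added example that is not the atomic plugin's code. It assumes the Atomic Red Team convention that a prereq_command exiting 0 means the dependency is satisfied, that get_prereq_command is run once when it is not, and that the check is then repeated; the sample dependencies, paths and the pid_term value are constructed (the launcher only echoes the term instead of running a background process), and commands run through sh, so it is for Linux or macOS hosts.

```python
import os
import re
import subprocess
import tempfile

# Added example, not the atomic plugin's code. Assumed semantics (Atomic Red
# Team convention): prereq_command exit 0 == satisfied; otherwise run
# get_prereq_command once and re-check.

def interpolate(text, input_args):
    """Substitute #{name} placeholders; unknown names are left untouched."""
    return re.sub(r"#\{(\w+)\}",
                  lambda m: str(input_args.get(m.group(1), m.group(0))), text)

def run_shell(command):
    """Run a (possibly multi-line) command with sh and return its exit code."""
    return subprocess.run(["sh", "-c", command],
                          capture_output=True, text=True).returncode

def resolve_dependencies(dependencies, input_args, fetch=True):
    """Return [(description, satisfied)] for each dependency, fetching when allowed."""
    results = []
    for dep in dependencies:
        prereq = interpolate(dep["prereq_command"], input_args)
        satisfied = run_shell(prereq) == 0
        if not satisfied and fetch and dep.get("get_prereq_command"):
            run_shell(interpolate(dep["get_prereq_command"], input_args))
            satisfied = run_shell(prereq) == 0  # re-check after fetching
        results.append((dep["description"].strip(), satisfied))
    return results

def demo():
    """Constructed dependencies modelled on the report's YAML, with harmless commands."""
    workdir = tempfile.mkdtemp(prefix="atomic-deps-")
    input_args = {"script_path": os.path.join(workdir, "launch.sh"),
                  "pid_term": "atomic-demo"}  # constructed values
    dependencies = [
        {   # fetchable: get_prereq_command creates the script, so the re-check passes
            "description": "Script to launch target process must exist\n",
            "prereq_command": 'test -f #{script_path}\ngrep "#{pid_term}" #{script_path}\n',
            "get_prereq_command": "echo '#!/bin/sh' > #{script_path}\n"
                                  'echo "echo #{pid_term}" >> #{script_path}\n',
        },
        {   # already satisfied on any POSIX host
            "description": "Requires a POSIX shell\n",
            "prereq_command": "command -v sh\n",
            "get_prereq_command": 'echo "a POSIX shell must be installed"\n',
        },
        {   # unfetchable: get_prereq_command only prints advice, so it stays unsatisfied
            "description": "Requires a file that cannot be fetched automatically\n",
            "prereq_command": "test -f #{script_path}.missing\n",
            "get_prereq_command": 'echo "install it manually"\n',
        },
    ]
    return resolve_dependencies(dependencies, input_args)

if __name__ == "__main__":
    for description, satisfied in demo():
        print(f"{'ok ' if satisfied else 'MISSING'}  {description}")
```

Keeping the prerequisite check separate from the fetch step is what lets a runner report an unsatisfiable dependency (the third entry) before the ability itself is ever executed, instead of letting the test fail halfway through.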
I have an issue where the Atomic plugin is greyed out when I start Caldera using either the --insecure flag or the local.yml environment file.
Stockpile is also greyed out.
The readme doesn't show any requirements; is there somewhere I can check error logs, or is this a known issue?
I am running 4.0.0 on RHEL 8.
Describe the bug
When the Atomic plugin is enabled, Caldera doesn't advance past the _prepare_executor stage of the Atomic Plugin
To Reproduce
Steps to reproduce the behavior:
1. Build a docker image using the instructions on the Caldera GitHub repo.
2. Enable the Atomic plugin using the local.yml file.
3. Run the Caldera server with the built image and the modified local.yml file, using the docker-compose file provided in the Caldera repo.
Expected behavior
The Atomic plugin is enabled, and Caldera continues with initialization and start up
Screenshots
Screenshots of the error logs would be pretty large, so I've included a pastebin of the error logs, https://pastebin.com/raw/V8dRw0Jg. For reference, the last line was printed about 30 minutes before the creation of this ticket and is the last log line to be printed.
Desktop (please complete the following information):
Additional context
Line 91 in f0af616
Can cause a 'NoneType' object is not iterable error at startup if the JSON object doesn't have a kill_chain_phases object.
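The failure described above is the classic "iterate a field that may be null" bug. The following is an added example, not the plugin's own ingestion code: it uses constructed technique records in the shape of ATT&CK STIX attack-pattern objects (the T1003.007 record is real in form, the T0000.* identifiers are placeholders) and contrasts the crashing access with a loader that tolerates a missing or null kill_chain_phases and reports the record instead of aborting the whole plugin enable.

```python
# Added example, not the atomic plugin's code. Records below are constructed;
# the T0000.* identifiers are placeholders, not real ATT&CK techniques.
SAMPLE_TECHNIQUES = [
    {
        "name": "OS Credential Dumping: Proc Filesystem",
        "external_references": [{"source_name": "mitre-attack", "external_id": "T1003.007"}],
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                               "phase_name": "credential-access"}],
    },
    {   # field present but null: the case that raises the reported error
        "name": "Technique with null phases (constructed)",
        "external_references": [{"source_name": "mitre-attack", "external_id": "T0000.001"}],
        "kill_chain_phases": None,
    },
    {   # field absent entirely
        "name": "Technique with no phases key (constructed)",
        "external_references": [{"source_name": "mitre-attack", "external_id": "T0000.002"}],
    },
]

def attack_id(technique):
    """Pull the ATT&CK external id, tolerating a missing reference list."""
    for ref in technique.get("external_references") or []:
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def tactics_unsafe(technique):
    """Reproduces the failure: iterating the field directly raises TypeError when it is None."""
    return [p["phase_name"] for p in technique["kill_chain_phases"]]

def tactics_safe(technique):
    """Treat a missing or null field as an empty list and keep only ATT&CK phases."""
    phases = technique.get("kill_chain_phases") or []
    return [p["phase_name"] for p in phases if p.get("kill_chain_name") == "mitre-attack"]

def ingest(techniques):
    """Build {attack_id: [tactics]}; unusable records are reported, not fatal."""
    ingested, skipped = {}, []
    for tech in techniques:
        tid = attack_id(tech)
        tactics = tactics_safe(tech)
        if tid is None or not tactics:
            skipped.append((tid, tech.get("name")))
            continue
        ingested[tid] = tactics
    return ingested, skipped

def crashes_on(func, technique):
    """True if func raises the TypeError seen at plugin startup for this record."""
    try:
        func(technique)
        return False
    except TypeError:
        return True

if __name__ == "__main__":
    loaded, bad = ingest(SAMPLE_TECHNIQUES)
    print("ingested:", loaded)
    print("skipped:", bad)
```

Surfacing the skipped records in the log gives the operator a concrete list of abilities to fix, which a single uncaught TypeError at enable time does not.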
What problem are you trying to solve? Please describe.
Any ideas on how to solve the known issue of importing Atomic tests with comments spanning multiple lines, such as Here-Strings?
The ideal solution: What should the feature do?
transparent compatibility between both projects
What category of feature is this?
Thank you!
Upon start up, I have the following message:
2020-03-10 13:29:19 DEBUG Ingested 0 abilities from Atomic plugin
2020-03-10 13:29:19 DEBUG Enabled plugin: atomic
Atomic abilities while present in the plugin folder do not appear in Caldera as part of the "redcanary" technique set.
I have a problem when I try to run the atomic T1087.002 (Account Discovery: Domain Account) test. This atomic uses the ADFind tool to enumerate the domain accounts.
I installed the atomic-red-team atomics on the target machine (where the sandcat agent is also installed) at the C:\AtomicRedTeam\atomics path.
Using Caldera, I configured the ability with the PathToAtomicsFolder\T1087.002\bin\AdFind.exe -sc admincountdmp
command, but when I ran the command I received the The system cannot find the path specified.
error message.
In fact, using the ProcMon tool on the target machine I saw that the sandcat agent ran the wrong command cmd.exe /C PathToAtomicsFolder\T1087.002\bin\AdFind.exe -sc admincountdmp
instead of cmd.exe /C C:\AtomicRedTeam\atomics\T1087.002\bin\AdFind.exe -sc admincountdmp.
Why doesn't Caldera apply the variable substitution? Where am I wrong? I want to use this feature to avoid using the absolute path.
P.S.: If I write the command with the absolute path, it works perfectly.
P.S.: I have read the documentation about this variable in the README file, but I can't solve my problem.
Regards,
Describe the bug
The atomic_powershell parser marks (almost) every test as failed.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Test should be marked as successful if the output is equal to:
VwByAGkAdABlAC0ASABvAHMAdAAgACIASABlAHkALAAgAEEAdABvAG0AaQBjACEAIgA=
Hey, Atomic!
Screenshots
In the screenshot you can see the case: the test failed, but it completed successfully.
Desktop (please complete the following information):
analyst@ts-kali:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2021.2
Codename: kali-rolling
analyst@ts-kali:~/caldera$ cat plugins/atomic/VERSION.txt
2.9.0-2d766f82e65cb657e19b47afa9e8ba86
v4.0.0
Additional context
The reason for this behavior is app/parsers/atomic_powershell.py.
Line 6: checked_flags = list('FullyQualifiedErrorId')
puts an array ['F', 'u', 'l', 'l', ..., 'o', 'l', 'd'] into the variable checked_flags. In that case the following if-condition will always be True, because there is no chance for the output not to contain at least one of the characters listed above.
To resolve the issue, I guess that line 6 should look like this: checked_flags = ['FullyQualifiedErrorId']
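The following added example (not the plugin's parser class, only its flag check) runs both versions of the check side by side over constructed outputs: the "Hey, Atomic!" result from the report, and a typical PowerShell error record, which is the only kind of output that carries a FullyQualifiedErrorId line. It also decodes the base64 string from the report, which is the UTF-16LE encoding that PowerShell's -EncodedCommand expects, to show the command that produced the successful output.

```python
import base64

# Added example, not the atomic plugin's parser. Only the flag check is modelled.

def is_failure_buggy(output):
    # list('FullyQualifiedErrorId') explodes the marker into single characters,
    # so any output containing an 'e', 'l', 'd', ... is classified as a failure.
    checked_flags = list('FullyQualifiedErrorId')
    return any(flag in output for flag in checked_flags)

def is_failure_fixed(output):
    # A one-element list keeps the whole marker, so only a genuine PowerShell
    # error record (which carries FullyQualifiedErrorId) counts as a failure.
    checked_flags = ['FullyQualifiedErrorId']
    return any(flag in output for flag in checked_flags)

def decode_encoded_command(encoded):
    """PowerShell -EncodedCommand takes base64 of UTF-16LE text; recover the plaintext."""
    return base64.b64decode(encoded).decode('utf-16-le')

# Constructed samples: the encoded command and success output from the report,
# plus an error record of the form PowerShell emits for an unknown cmdlet.
ENCODED_COMMAND = 'VwByAGkAdABlAC0ASABvAHMAdAAgACIASABlAHkALAAgAEEAdABvAG0AaQBjACEAIgA='
SUCCESS_OUTPUT = 'Hey, Atomic!'
ERROR_OUTPUT = (
    "Get-Nonexistent : The term 'Get-Nonexistent' is not recognized as the name of a cmdlet.\n"
    "    + FullyQualifiedErrorId : CommandNotFoundException\n"
)

def compare(outputs):
    """Map each output to (buggy verdict, fixed verdict); True means 'failed'."""
    return {out: (is_failure_buggy(out), is_failure_fixed(out)) for out in outputs}

if __name__ == "__main__":
    print("command:", decode_encoded_command(ENCODED_COMMAND))
    for out, (buggy, fixed) in compare([SUCCESS_OUTPUT, ERROR_OUTPUT]).items():
        print(repr(out[:40]), "buggy says failed:", buggy, "| fixed says failed:", fixed)
```

The fixed check still relies on a substring match, so any test whose legitimate output happens to contain the literal text FullyQualifiedErrorId would also be flagged; matching the marker at the start of a line (the "+ FullyQualifiedErrorId :" form above) would be stricter.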
Hello, I'm starting to study Caldera and I have the following difficulty:
When I try to simulate an Atomic-related TTP, I am getting the following error message:
import-module: The specified module 'PathToAtomicsFolder \ T1059.001 \ src \ SharpHound.ps1' has not been loaded because no read module files found in any module directories. ... (PathToAtomicsFo ... \ SharpHound.ps1: String) [Import-Module], FileNot FoundException + FullyQualifiedErrorId: Modules_ModuleNotFound, Microsoft.PowerShell.Commands.ImportModuleCommand
I can see the imported TTP in the "/atomics" directory and the plugin was started with the server.
Where can I be wrong?
Congratulations on the project s2
How do I fix the problem given to me?