Skip to content

Latest commit

 

History

History
178 lines (99 loc) · 4.13 KB

T1046.md

File metadata and controls

178 lines (99 loc) · 4.13 KB

T1046 - Network Service Scanning

Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.

Within cloud environments, adversaries may attempt to discover services running on other cloud hosts. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems as well.

Atomic Tests


Atomic Test #1 - Port Scan

Scan ports to check for listening ports.

Upon successful execution, sh will perform a network connection against a single host (192.168.1.1) and determine what ports are open in the range of 1-65535. Results will be via stdout.

Supported Platforms: Linux, macOS

Attack Commands: Run with sh!

for port in {1..65535};
do
  echo >/dev/tcp/192.168.1.1/$port && echo "port $port is open" || echo "port $port is closed" : ;
done


Atomic Test #2 - Port Scan Nmap

Scan ports to check for listening ports with Nmap.

Upon successful execution, sh will utilize nmap, telnet, and nc to contact a single or range of adresseses on port 80 to determine if listening. Results will be via stdout.

Supported Platforms: Linux, macOS

Inputs:

Name Description Type Default Value
host Host to scan. string 192.168.1.1
port Ports to scan. string 80
network_range Network Range to Scan. string 192.168.1.0/24

Attack Commands: Run with sh!

nmap -sS #{network_range} -p #{port}
telnet #{host} #{port}
nc -nv #{host} #{port}

Dependencies: Run with sh!

Description: Check if nmap command exists on the machine
Check Prereq Commands:
if [ -x "$(command -v nmap)" ]; then exit 0; else exit 1; fi; 
Get Prereq Commands:
echo "Install nmap on the machine to run the test."; exit 1;


Atomic Test #3 - Port Scan NMap for Windows

Scan ports to check for listening ports for the local host 127.0.0.1

Supported Platforms: Windows

Inputs:

Name Description Type Default Value
nmap_url NMap installer download URL url https://nmap.org/dist/nmap-7.80-setup.exe
host_to_scan The host to scan with NMap string 127.0.0.1

Attack Commands: Run with powershell! Elevation Required (e.g. root or admin)

nmap #{host_to_scan}

Dependencies: Run with powershell!

Description: NMap must be installed
Check Prereq Commands:
if (cmd /c "nmap 2>nul") {exit 0} else {exit 1} 
Get Prereq Commands:
Invoke-WebRequest -OutFile $env:temp\nmap-7.80-setup.exe #{nmap_url}
Start-Process $env:temp\nmap-7.80-setup.exe /S


Atomic Test #4 - Port Scan using python

Scan ports to check for listening ports with python

Supported Platforms: Windows

Inputs:

Name Description Type Default Value
host_ip Host to scan. string 127.0.0.1
filename Location of the project file Path PathToAtomicsFolder\T1046\src\T1046.py

Attack Commands: Run with powershell!

python #{filename} -i #{host_ip}

Dependencies: Run with powershell!

Description: Check if python exists on the machine
Check Prereq Commands:
if (python --version) {exit 0} else {exit 1} 
Get Prereq Commands:
echo "Python 3 must be installed manually"