Summary: Pull Request resolved: #121 Cloud TTP to be opensourced Reviewed By: l50 Differential Revision: D59925699 fbshipit-source-id: 645ec591649df951b6864f71a31c3436ee9ee548
Parent: a4aa497
Commit: c16c44a
Showing 2 changed files with 92 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# Create new IAM user | ||
|
||
![Meta TTP](https://img.shields.io/badge/Meta_TTP-blue) | ||
|
||
This TTP is used to create a new IAM user in AWS. It uses the AWS CLI to create a new user with the specified name. | ||
If a user with given name exists, nothing is done and the TTP is closed. | ||
If a user does not exist a new user is created. | ||
It is also deleted during cleanup. `--no-cleanup` options should be explicity specified if we do not want the new user created to be deleted. | ||
|
||
|
||
## Arguments | ||
|
||
|
||
- **iam_user_name**: The name of the new IAM user to be created. | ||
|
||
## Steps | ||
|
||
1. Set up necessary cloud environment variables. | ||
2. Check if an IAM user exists with provided user name | ||
3. Create a new IAM user if no existing user is found with given IAM user name. | ||
4. By deafult during the cleanup, delete the recently created IAM user. | ||
|
||
## Manual Reproduction Steps | ||
|
||
``` | ||
# Check if a user exists with provided user name | ||
aws iam get-user --user-name "IAM_USER_NAME" | ||
# Create a new user | ||
aws iam create-user --user-name "IAM_USER_NAME" | ||
# Setup persistence command in a RC SHELL script file: eg | ||
aws iam delete-user --user-name "IAM_USER_NAME" | ||
``` | ||
|
||
## MITRE ATT&CK Mapping | ||
|
||
- **Tactics**: | ||
- TA0003 Persistence | ||
- **Techniques**: | ||
- T1098 Account Manipulation |
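Review bot: The comment above `aws iam delete-user` in Manual Reproduction Steps (`# Setup persistence command in a RC SHELL script file: eg`) does not describe that command and looks carried over from another TTP; it should read something like `# Cleanup: delete the user created above`. Two further points in this hunk: the README says that when the user already exists "nothing is done and the TTP is closed", but the YAML in the same commit runs `exit 1` in that branch, so the text should say the TTP fails rather than closes cleanly; and the Arguments section lists only `iam_user_name`, while the YAML also passes `region` to the aws-connector helper, so `region` should be documented here too. Typos: "deafult" -> "default", "explicity" -> "explicitly", and "`--no-cleanup` options should be" -> "the `--no-cleanup` option should be".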
ttps/cloud/aws/iam/create-new-iam-user/create-new-iam-user.yaml (49 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
--- | ||
api_version: 2.0 | ||
uuid: 29f9ab13-4c19-410f-8638-082c7f5c4127 | ||
name: create_iam_user | ||
description: | | ||
This TTP is used to create a new IAM user in AWS. It uses the AWS CLI to create a new user with the specified name. | ||
If a user with given name exists, nothing is done and the TTP is closed. | ||
If a user does not exist a new user is created. It is also deleted during cleanup. | ||
`--no-cleanup` options should be explicity specified if we do not want the new user created to be deleted. | ||
args: | ||
- name: iam_user_name | ||
description: The name of the new IAM user to be created. | ||
default: purple_trojan | ||
|
||
mitre: | ||
tactics: | ||
- TA0003 Persistence | ||
techniques: | ||
- T1098 Account Manipulation | ||
|
||
steps: | ||
- name: aws-connector | ||
description: This step invokes the verifies aws creds are present and aws cli is available. | ||
ttp: //helpers/cloud/aws/validate-aws-env-configured.yaml | ||
args: | ||
region: "{{ .Args.region }}" | ||
- name: create_user_if_does_not_exist | ||
description: Check if the specified IAM user exists. If not create a new one. | ||
inline: | | ||
echo "Checking if user {{.Args.iam_user_name}} exists..." | ||
set +e | ||
aws iam get-user --user-name {{.Args.iam_user_name}} 2>&1 | ||
user_exists=$? | ||
set -e | ||
if [ $user_exists -ne 0 ]; then | ||
echo -e "User {{.Args.iam_user_name}} does not exist. Proceeding with creating new one... \n" | ||
aws iam create-user --user-name {{.Args.iam_user_name}} | ||
else | ||
echo "User {{.Args.iam_user_name}} exists. Quitting..." | ||
exit 1 | ||
fi | ||
cleanup: | ||
inline: | | ||
user_exists=$(aws iam get-user --user-name {{.Args.iam_user_name}} 2>&1) | ||
if ! [ $? -ne 0 ]; then | ||
echo -e "User {{.Args.iam_user_name}} found. Proceeding with deleting the user during cleanup... \n " | ||
aws iam delete-user --user-name {{.Args.iam_user_name}} | ||
fi |
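Review bot: The `aws-connector` step passes `region: "{{ .Args.region }}"`, but `region` is not declared under `args:` (only `iam_user_name` is), so either add a `region` arg with a description and a default or drop the parameter if the helper takes the region from the environment. In `create_user_if_does_not_exist`, treating any non-zero exit from `aws iam get-user` as "user does not exist" is too broad: an expired credential, a missing `iam:GetUser` permission or a network error all land in the create branch; capture the output instead and only proceed when it contains `NoSuchEntity`, failing the step on any other error. In `cleanup`, `if ! [ $? -ne 0 ]` is a double negative for `if [ $? -eq 0 ]`, and because the cleanup deletes whatever user carries that name, consider having the create step record that this TTP actually created the user (for example a marker file) and deleting only in that case, so a pre-existing account with the same name is never removed. Also quote the templated name in the inline shell (`"{{.Args.iam_user_name}}"`) so names with unexpected characters do not split into separate arguments, and fix the wording in the aws-connector description ("invokes the verifies aws creds are present") and "explicity" -> "explicitly".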