Update T1059.004.yaml (#2871)

* Update T1059.004.yaml * Update T1059.004.yaml * Update T1059.004.yaml --------- Co-authored-by: Hare Sudhan <code@0x6c.dev>
redcanaryco · Aug 1, 2024 · c8926e0 · c8926e0
1 parent bee5a4c
commit c8926e0
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/atomics/T1059.004/T1059.004.yaml b/atomics/T1059.004/T1059.004.yaml
@@ -254,3 +254,27 @@ atomic_tests:
   executor:
     command: awk 'BEGIN {system("/bin/sh &")}'
     name: sh
+- name: Creating shell using cpan command
+  auto_generated_guid: 
+  description: |-
+    cpan lets you execute perl commands with the ! command. It can be used to break out from restricted environments by spawning an interactive system shell.
+    Reference - https://gtfobins.github.io/gtfobins/cpan/
+  supported_platforms:
+  - linux
+  - macos
+  executor:
+    command: echo '! exec "/bin/sh &"' | PERL_MM_USE_DEFAULT=1  cpan
+    name: sh
+    elevation_required: false
+- name: Shell Creation using busybox command
+  auto_generated_guid: 
+  description: |-
+    BusyBox is a multi-call binary. A multi-call binary is an executable program that performs the same job as more than one utility program. It can be used to break out from restricted environments by spawning an interactive system shell. 
+    Reference - https://gtfobins.github.io/gtfobins/busybox/
+  supported_platforms:
+  - linux
+  executor:
+    command: busybox sh &
+    cleanup_command: 
+    name: sh
+    elevation_required: false