Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem: T1098.001 shell script is not working on Linux #3026

Open
za opened this issue Jan 3, 2025 · 3 comments
Open

Problem: T1098.001 shell script is not working on Linux #3026

za opened this issue Jan 3, 2025 · 3 comments

Comments

@za
Copy link
Contributor

za commented Jan 3, 2025

What did you do?

ℹ Please replace this with what you did.
Run ./aws_secret.sh

Refer to: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1098.001/bin/aws_secret.sh

I've generated aws_secret.creds following this command:

aws iam create-access-key --user-name #{username} > "$PathToAtomicsFolder/T1098.001/bin/aws_secret.creds"
cd "$PathToAtomicsFolder/T1098.001/bin/"
./aws_secret.sh

What did you expect to happen?

ℹ Please replace this with what you expected to happen.
.aws/credentials is updated.

What happened instead?

ℹ Please replace this with of what happened instead.
e.g. 💥

➜  bin git:(master) ./aws_secret.sh
Creating Profile in ./aws/credentials
sed: can't read 72s|aws_access_key_id = .*$|aws_access_key_id = <snipped>|g: No such file or directory
sed: can't read 73s|aws_secret_access_key = .*$|aws_secret_access_key = <snipped>|g: No such file or directory

Your Environment

  • Which specific operating system are you running (e.g. Windows 7 SP1 32-bit)?
    Linux

  • Did you run the test from an elevated or root prompt?
    From the elevated prompt.

  • If relevant, which atomic test is this specific to?
    T1098.001
@za
Copy link
Contributor Author

za commented Jan 3, 2025

Removing the double single-tick, fixing the issue:

$ git diff

diff --git a/atomics/T1098.001/bin/aws_secret.sh b/atomics/T1098.001/bin/aws_secret.sh
index f96e740b..152f5b61 100755
--- a/atomics/T1098.001/bin/aws_secret.sh
+++ b/atomics/T1098.001/bin/aws_secret.sh
@@ -5,7 +5,7 @@ secret_key=`cat aws_secret.creds| jq -r '.AccessKey.SecretAccessKey'`
 line=`grep -n atomicredteam ~/.aws/credentials | cut -d : -f1 |bc`
 access="$(($line+1))"
 secret="$(($line+2))"
-sed -i '' "${access}s|aws_access_key_id = .*$|aws_access_key_id = $access_key|g" ~/.aws/credentials
-sed -i '' "${secret}s|aws_secret_access_key = .*$|aws_secret_access_key = $secret_key|g" ~/.aws/credentials
+sed -i "${access}s|aws_access_key_id = .*$|aws_access_key_id = $access_key|g" ~/.aws/credentials
+sed -i "${secret}s|aws_secret_access_key = .*$|aws_secret_access_key = $secret_key|g" ~/.aws/credentials

➜  bin git:(master) ✗ ./aws_secret.sh
Creating Profile in ./aws/credentials

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 3, 2025

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Feb 3, 2025
@github-actions GitHub Actions
Copy link

This issue was closed because it has been stalled for 5 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Feb 13, 2025
@cyberbuff cyberbuff reopened this Feb 13, 2025
@github-actions github-actions bot removed the Stale label Feb 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@za @cyberbuff