redcanaryco / invoke-atomicredteam

Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
MIT License

Cross platform remote exec #10

Closed clr2of8 closed 4 years ago

clr2of8 commented 4 years ago

This PR makes execution of atomic tests against a remote machine using the -Session parameter work cross-platform (where the remote machine can be Windows, Linux, or OSx). The following table defines the prerequisites to make this work, where the "Local Computer" is the one where Invoke-AtomicRedTeam is installed and the "Remote Computer" is where the atomics will be executed.

[image: table of prerequisites]

See this link for instructions on configuring PowerShell Remoting over SSH: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ssh-remoting-in-powershell-core?view=powershell-7

See this link for enabling PS Remoting: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/enable-psremoting?view=powershell-7

Note: see the "-SkipNetworkProfileCheck" option if your client is on a public network.

To run atomics that require admin privs on a remote Linux/OSx machine, you would need to establish the PSSession as root until this issue is resolved: (Can't run sudo in a PSSession) https://github.com/PowerShell/PowerShell/issues/11970

Testing:

- Ubuntu 18.04
- Windows 10 PowerShell Version 5
- Windows 10 PowerShell Core
- Mac OSx Mojave
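
The workflow described in the comment above, as an added example that is not part of the PR or the project's code: it opens a PSSession over WinRM or SSH, warns when a Linux/macOS session is not root, and runs one atomic through `-Session`. The helper name `New-AtomicTargetSession`, the host name, the user name and the technique ID T1033 are assumptions chosen for illustration.

```powershell
# Added example. Assumes Invoke-AtomicRedTeam is installed on the local computer
# and remoting is already configured on the target (see the links above).
Import-Module Invoke-AtomicRedTeam -ErrorAction Stop

function New-AtomicTargetSession {   # hypothetical helper, not part of the module
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][ValidateSet('WinRM', 'SSH')][string]$Transport,
        [string]$UserName,
        [pscredential]$Credential
    )
    if ($Transport -eq 'SSH') {
        # New-PSSession -HostName (SSH transport) exists only in PowerShell 6+.
        if ($PSVersionTable.PSVersion.Major -lt 6) {
            throw 'SSH remoting requires PowerShell Core on the local computer.'
        }
        $params = @{ HostName = $Target }
        if ($UserName) { $params.UserName = $UserName }
    }
    else {
        $params = @{ ComputerName = $Target }
        if ($Credential) { $params.Credential = $Credential }
    }
    $session = New-PSSession @params

    # sudo does not work inside a PSSession, so on Linux/macOS the privileges
    # available to an atomic are those of the user the session logged in as.
    $uid = Invoke-Command -Session $session -ScriptBlock {
        if ($IsLinux -or $IsMacOS) { id -u }
    }
    if ($null -ne $uid -and "$uid" -ne '0') {
        Write-Warning "Session on $Target is not root (uid $uid); atomics that need admin will fail."
    }
    return $session
}

# Constructed values: the lab host name, user and technique ID are placeholders.
$session = New-AtomicTargetSession -Target 'linux-lab.example.test' -Transport SSH -UserName 'root'
try {
    Invoke-AtomicTest T1033 -Session $session -GetPrereqs   # install test dependencies remotely
    Invoke-AtomicTest T1033 -Session $session               # execute the atomic on the remote host
    Invoke-AtomicTest T1033 -Session $session -Cleanup      # undo what the test changed
}
finally {
    Remove-PSSession $session
}
```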