Windows Atomic Tests to TTP #7 Update (#138)

Summary: Pull Request resolved: #138 Added error checking and some updates to Windows Atomic Red Team Tests #7 This ttp was 7/10 and it performs the follow function: (Tor Proxy Usage - Windows) This test is designed to launch the tor proxy service, which is what is utilized in the background by the Tor Browser and other applications with add-ons in order to provide onion routing functionality. Upon successful execution, the tor proxy will be launched, run for 60 seconds, and then exit. Reviewed By: godlovepenn Differential Revision: D62876655
facebookincubator · Sep 18, 2024 · 8ef056e · 8ef056e
1 parent e15c7f7
commit 8ef056e
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 16 deletions.
diff --git a/ttps/command-and-control/windows/tor-proxy/README.md b/ttps/command-and-control/windows/tor-proxy/README.md
@@ -7,7 +7,7 @@ This TTP is designed to launch the tor proxy service, which is what is utilized
 Derived from [Atomic Red Team T1090.003](https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1090.003/T1090.003.md#atomic-test-2---tor-proxy-usage---windows)
 
 ## Arguments
-- **torExe**: a path variable specifying the location of tor.exe (including dependencies). Default is "bin\Tor\tor.exe".
+- **torExe**: a string variable specifying the location of tor.exe (including dependencies). Default is "$PWD\bin\Tor\tor.exe".
 - **sleepTime** : an int variable specifying the amount in seconds to pause after starting tor
 
 ## Pre-requisites

diff --git a/ttps/command-and-control/windows/tor-proxy/tor-proxy.yaml b/ttps/command-and-control/windows/tor-proxy/tor-proxy.yaml
@@ -20,42 +20,58 @@ mitre:
 args:
   - name: torExe
     description: Location of tor.exe file
-    type: path
-    default: bin\Tor\tor.exe
+    type: string
+    default: $PWD\bin\Tor\tor.exe
   - name: sleepTime
     description: Amount in seconds to pause after starting tor
     type: int
     default: 60
 
 steps:
-  - name: tor_download
-    description: tor.exe must be installed on the machine, checking if tor.exe exists at {{.Args.torExe}}
+  - name: tor_execute
     executor: powershell
     inline: |
+      Write-Host "tor.exe must be installed on the machine, checking if tor.exe exists at {{.Args.torExe}}"
+
       if (-Not (Test-Path "{{.Args.torExe}}")) {
+        Write-Host "Tor does not exist at {{.Args.torExe}}. Downloading tor..."
         $torZip = New-TemporaryFile
         $extractPath = Split-Path (Split-Path "{{.Args.torExe}}" -Parent) -Parent
-        Invoke-WebRequest "https://archive.torproject.org/tor-package-archive/torbrowser/11.0.6/tor-win32-0.4.6.9.zip" -OutFile "${torZip}.zip"
+        try {
+          Invoke-WebRequest "https://archive.torproject.org/tor-package-archive/torbrowser/11.0.6/tor-win32-0.4.6.9.zip" -OutFile "${torZip}.zip"
+        } catch {
+          Write-Host "Failed to download tor.zip : $_"
+          exit 1
+        }
         New-Item -ItemType Directory -Path $extractPath -ErrorAction ignore | Out-Null
-        expand-archive -LiteralPath "${torZip}.zip" -DestinationPath $extractPath
-        New-Item -ItemType File -Path "${extractPath}\.downloaded" -ErrorAction ignore | Out-Null
+        try {
+          expand-archive -LiteralPath "${torZip}.zip" -DestinationPath $extractPath
+        } catch {
+          Write-Host "Failed to extract tor.zip : $_"
+          exit 1
+        }
         remove-item "${torZip}.zip"
       }
-  - name: tor_execute
-    description: Starting tor.exe ...
-    executor: powershell
-    inline: |
-      start powershell { &"{{.Args.torExe}}" }
 
+      Write-Host "Starting tor.exe..."
+      start powershell { &"{{.Args.torExe}}" }
       start-sleep -Seconds {{.Args.sleepTime}}
 
     cleanup:
       executor: powershell
-      description: Stopping tor.exe ...
       inline: |
-        stop-process -name "tor" | out-null
+        try {
+          Write-Host "Attempting to stop tor process..."
+          Stop-Process -Name "tor" -ErrorAction Stop
+          Write-Host "Successfully stopped tor process."
+        } catch {
+          Write-Host "Failed to stop tor process: $_"
+        }
 
         $parentDir = Split-Path (Split-Path "{{.Args.torExe}}" -Parent) -Parent
-        if (Test-Path "${parentDir}\.downloaded"){
+        if (Test-Path "${parentDir}"){
           remove-item -r $parentDir
         }
+        else{
+          Write-Host "Failed to remove ${parentDir} "
+        }