Error to simulate TTPs from the Atomic

[johnk3r]

Hello, I'm starting to study Caldera and I have the following difficulty:

When I try to simulate an Atomic-related TTP, I am getting the following error message:

import-module: The specified module 'PathToAtomicsFolder \ T1059.001 \ src \ SharpHound.ps1' has not been loaded because no read module files found in any module directories. ... (PathToAtomicsFo ... \ SharpHound.ps1: String) [Import-Module], FileNot FoundException + FullyQualifiedErrorId: Modules_ModuleNotFound, Microsoft.PowerShell.Commands.ImportModuleCommand

I can see the imported TTP in the "/atomics" directory and the plugin was started with the server.
Where can I be wrong?

Congratulations for the project s2

[github-actions]

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/

[johnk3r]

Hello,

can someone help me or inform me where this is described in the documentation?

[wbooth]

Hi, the initial download may have been corrupted, there was an issue in one of the abilities that caused a circular dependency that has been fixed.

To reset atomic
Delete plugins/atomic/atomic-red-team directory
Delete plugins/atomic/data/abilities directory
Update atomic plugin to master
Start up caldera

this should resolve your issue, please let me know if it does not

[johnk3r]

Thanks for the feedback.

So, I ended up upgrading to version 2.8.1. Unfortunately the problem remained.

I'm trying to simulate a T1059.001 technique, it has the following command:

write-host "Importing and executing SharpHound.ps1 from PathToAtomicsFolder \ T1059.001 \ src" -ForegroundColor Cyan; import-module PathToAtomicsFolder \ T1059.001 \ src \ SharpHound.ps1; Invoke-BloodHound -OutputDirectory $ env: Temp; Start-Sleep 5

Do I need to replace the "variable" PathToAtomicsFolder with something?

[wbooth]

Yes, you can replace the path to the payload

please note from our readme:

When importing tests from Atomic Red Team, this plugin also catches $PathToAtomicsFolder usages pointing to an existing file. It then imports the files as payloads and fix path usages. Note other usages are not handled. If a path with $PathToAtomicsFolder points to an existing directory or an unexisting file, we will not process it any further and ingest it "as it is". Examples of such usages below: -- https://github.com/redcanaryco/atomic-red-team/blob/a956d4640f9186a7bd36d16a63f6d39433af5f1d/atomics/T1022/T1022.yaml#L99 -- https://github.com/redcanaryco/atomic-red-team/blob/ab0b391ac0d7b18f25cb17adb330309f92fa94e6/atomics/T1056/T1056.yaml#L24

[johnk3r]

Thanks.

As the installation automatically enabled Atomic I believed that there was no need for further configuration.

I will validate and return.

[clr2of8]

Note that Atomic Red Team sometime points to dependencies within its folder structure that do not exist until users run the "Prereq commands". I imagine this is why this particular atomic causes issues when imported into CALDERA as CALDERA tries to point to a file in the src directory that doesn't exist yet. See the markdown of the atomic test here: https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1059.001/T1059.001.md#atomic-test-2---run-bloodhound-from-local-disk

Notice how one of the prereqs says that SharpHound must be found at PathToAtomicsFolder\T1059.001\src\SharpHound.ps1 and this file is not in the redcanary atomic red team repo and would only be in the src directory after running the prereq commands. Perhaps the atomic plugin could run all the prereq commands before running the import.