adam/atomic-red-team-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Generated docs from job=generate-docs branch=master [ci skip]

Browse Source
This commit is contained in:
Atomic Red Team doc generator
2025-06-24 01:10:01 +00:00
parent 3dc4cebb27
commit 9f2cd5e9c6
3 changed files with 69 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/Indexes/index.yaml
+30 -8
View File
@@ -36815,14 +36815,25 @@ privilege-escalation:
Upon successful execution, cmd will modify the binpath for `Fax` to spawn powershell. Powershell will then spawn.
supported_platforms:
- windows
input_arguments:
service_name:
description: The name of the service that will be modified
type: string
default: Fax
service_binpath:
description: The default value for the binary path of the service
type: string
default: C:\WINDOWS\system32\fxssvc.exe
executor:
name: command_prompt
elevation_required: true
command: |
sc config Fax binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start Fax
cleanup_command: sc config Fax binPath= "C:\WINDOWS\system32\fxssvc.exe" >nul
2>&1
sc config #{service_name} binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start #{service_name}
cleanup_command: 'sc config #{service_name} binPath= "#{service_binpath}"
>nul 2>&1
'
- name: Service Installation CMD
auto_generated_guid: 981e2942-e433-44e9-afc1-8c957a1496b6
description: |
@@ -61168,14 +61179,25 @@ persistence:
Upon successful execution, cmd will modify the binpath for `Fax` to spawn powershell. Powershell will then spawn.
supported_platforms:
- windows
input_arguments:
service_name:
description: The name of the service that will be modified
type: string
default: Fax
service_binpath:
description: The default value for the binary path of the service
type: string
default: C:\WINDOWS\system32\fxssvc.exe
executor:
name: command_prompt
elevation_required: true
command: |
sc config Fax binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start Fax
cleanup_command: sc config Fax binPath= "C:\WINDOWS\system32\fxssvc.exe" >nul
2>&1
sc config #{service_name} binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start #{service_name}
cleanup_command: 'sc config #{service_name} binPath= "#{service_binpath}"
>nul 2>&1
'
- name: Service Installation CMD
auto_generated_guid: 981e2942-e433-44e9-afc1-8c957a1496b6
description: |
atomics/Indexes/windows-index.yaml
+30 -8
View File
@@ -30556,14 +30556,25 @@ privilege-escalation:
Upon successful execution, cmd will modify the binpath for `Fax` to spawn powershell. Powershell will then spawn.
supported_platforms:
- windows
input_arguments:
service_name:
description: The name of the service that will be modified
type: string
default: Fax
service_binpath:
description: The default value for the binary path of the service
type: string
default: C:\WINDOWS\system32\fxssvc.exe
executor:
name: command_prompt
elevation_required: true
command: |
sc config Fax binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start Fax
cleanup_command: sc config Fax binPath= "C:\WINDOWS\system32\fxssvc.exe" >nul
2>&1
sc config #{service_name} binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start #{service_name}
cleanup_command: 'sc config #{service_name} binPath= "#{service_binpath}"
>nul 2>&1
'
- name: Service Installation CMD
auto_generated_guid: 981e2942-e433-44e9-afc1-8c957a1496b6
description: |
@@ -50394,14 +50405,25 @@ persistence:
Upon successful execution, cmd will modify the binpath for `Fax` to spawn powershell. Powershell will then spawn.
supported_platforms:
- windows
input_arguments:
service_name:
description: The name of the service that will be modified
type: string
default: Fax
service_binpath:
description: The default value for the binary path of the service
type: string
default: C:\WINDOWS\system32\fxssvc.exe
executor:
name: command_prompt
elevation_required: true
command: |
sc config Fax binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start Fax
cleanup_command: sc config Fax binPath= "C:\WINDOWS\system32\fxssvc.exe" >nul
2>&1
sc config #{service_name} binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start #{service_name}
cleanup_command: 'sc config #{service_name} binPath= "#{service_binpath}"
>nul 2>&1
'
- name: Service Installation CMD
auto_generated_guid: 981e2942-e433-44e9-afc1-8c957a1496b6
description: |
atomics/T1543.003/T1543.003.md
+9 -3
View File
@@ -45,18 +45,24 @@ Upon successful execution, cmd will modify the binpath for `Fax` to spawn powers
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| service_name | The name of the service that will be modified | string | Fax|
| service_binpath | The default value for the binary path of the service | string | C:\WINDOWS\system32\fxssvc.exe|
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
```cmd
sc config Fax binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start Fax
sc config #{service_name} binPath= "C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -noexit -c \"write-host 'T1543.003 Test'\""
sc start #{service_name}
```
#### Cleanup Commands:
```cmd
sc config Fax binPath= "C:\WINDOWS\system32\fxssvc.exe" >nul 2>&1
sc config #{service_name} binPath= "#{service_binpath}" >nul 2>&1
```