diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index aa203176..239f844c 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -5944,21 +5944,21 @@ privilege-escalation:
 type: String
 default: localhost
 user_name:
- description: Username DOMAIN\User
+ description: 'Username to authenticate with, format: DOMAIN\User'
 type: String
 default: DOMAIN\user
 password:
- description: Password
+ description: Password to authenticate with
 type: String
 default: At0micStrong
 executor:
 name: command_prompt
 elevation_required: true
- command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN
+ command: 'SCHTASKS /Create /S #{target} /U #{user_name} /P #{password} /TN
 "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
 '
- cleanup_command: 'SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password}
+ cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password}
 /TN "Atomic task" /F >nul 2>&1
 '
@@ -13954,21 +13954,21 @@ persistence:
 type: String
 default: localhost
 user_name:
- description: Username DOMAIN\User
+ description: 'Username to authenticate with, format: DOMAIN\User'
 type: String
 default: DOMAIN\user
 password:
- description: Password
+ description: Password to authenticate with
 type: String
 default: At0micStrong
 executor:
 name: command_prompt
 elevation_required: true
- command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN
+ command: 'SCHTASKS /Create /S #{target} /U #{user_name} /P #{password} /TN
 "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
 '
- cleanup_command: 'SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password}
+ cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password}
 /TN "Atomic task" /F >nul 2>&1
 '
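Review bot: `#{password}` is still interpolated into the schtasks command line, now through `/P` in both `command` and `cleanup_command`, so process-creation auditing (Security event 4688 with command-line logging, Sysmon event 1) records it in clear text, and the reworded input description does not mention that. I would make it `description: Password to authenticate with (recorded in process command-line logs; use a disposable lab account)`. Separately, `/U` and `/P` are the credentials for connecting to the `/S` host while the default `target` stays `localhost`; schtasks may reject explicit credentials for the local machine, so the default run should be confirmed before the test is used to validate detections. The same lines recur in the `persistence` and `execution` hunks, and the test definition starts above each hunk.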
@@ -39967,21 +39967,21 @@ execution:
 type: String
 default: localhost
 user_name:
- description: Username DOMAIN\User
+ description: 'Username to authenticate with, format: DOMAIN\User'
 type: String
 default: DOMAIN\user
 password:
- description: Password
+ description: Password to authenticate with
 type: String
 default: At0micStrong
 executor:
 name: command_prompt
 elevation_required: true
- command: 'SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN
+ command: 'SCHTASKS /Create /S #{target} /U #{user_name} /P #{password} /TN
 "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
 '
- cleanup_command: 'SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password}
+ cleanup_command: 'SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password}
 /TN "Atomic task" /F >nul 2>&1
 '
diff --git a/atomics/T1053.005/T1053.005.md b/atomics/T1053.005/T1053.005.md
index 095696cb..4602644c 100644
--- a/atomics/T1053.005/T1053.005.md
+++ b/atomics/T1053.005/T1053.005.md
@@ -100,20 +100,20 @@ Upon successful execution, cmd.exe will create a scheduled task to spawn cmd.exe
 | task_command | What you want to execute | String | C:\windows\system32\cmd.exe|
 | time | What time 24 Hour | String | 72600|
 | target | Target | String | localhost|
-| user_name | Username DOMAIN\User | String | DOMAIN\user|
-| password | Password | String | At0micStrong|
+| user_name | Username to authenticate with, format: DOMAIN\User | String | DOMAIN\user|
+| password | Password to authenticate with | String | At0micStrong|
 #### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
 ```cmd
-SCHTASKS /Create /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
+SCHTASKS /Create /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /TR "#{task_command}" /SC daily /ST #{time}
 ```
 #### Cleanup Commands:
 ```cmd
-SCHTASKS /Delete /S #{target} /RU #{user_name} /RP #{password} /TN "Atomic task" /F >nul 2>&1
+SCHTASKS /Delete /S #{target} /U #{user_name} /P #{password} /TN "Atomic task" /F >nul 2>&1
 ```