Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-3
This commit is contained in:
CircleCI Atomic Red Team doc generator
parent
b9b3b42742
commit
06ea87f94f
@@ -6269,8 +6269,8 @@ privilege-escalation:
|
||||
powershell -c "Get-WmiObject win32_service | select PathName" (check service file location) and
|
||||
copy /Y C:\temp\payload.exe C:\ProgramData\folder\Update\weakpermissionfile.exe ( replace weak permission file with malicious file )
|
||||
|
||||
Upon execution, open the weak permission file at %temp%\ T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\ T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
Upon execution, open the weak permission file at %temp%\T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
@@ -6281,7 +6281,7 @@ privilege-escalation:
|
||||
weak_permission_file:
|
||||
description: check weak files permission
|
||||
type: path
|
||||
default: "$env:TEMP\\ T1574.010_weak_permission_file.txt"
|
||||
default: "$env:TEMP\\T1574.010_weak_permission_file.txt"
|
||||
dependency_executor_name: powershell
|
||||
dependencies:
|
||||
- description: A file must exist on disk at specified location (#{weak_permission_file})
|
||||
@@ -14327,8 +14327,8 @@ persistence:
|
||||
powershell -c "Get-WmiObject win32_service | select PathName" (check service file location) and
|
||||
copy /Y C:\temp\payload.exe C:\ProgramData\folder\Update\weakpermissionfile.exe ( replace weak permission file with malicious file )
|
||||
|
||||
Upon execution, open the weak permission file at %temp%\ T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\ T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
Upon execution, open the weak permission file at %temp%\T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
@@ -14339,7 +14339,7 @@ persistence:
|
||||
weak_permission_file:
|
||||
description: check weak files permission
|
||||
type: path
|
||||
default: "$env:TEMP\\ T1574.010_weak_permission_file.txt"
|
||||
default: "$env:TEMP\\T1574.010_weak_permission_file.txt"
|
||||
dependency_executor_name: powershell
|
||||
dependencies:
|
||||
- description: A file must exist on disk at specified location (#{weak_permission_file})
|
||||
@@ -30291,8 +30291,8 @@ defense-evasion:
|
||||
powershell -c "Get-WmiObject win32_service | select PathName" (check service file location) and
|
||||
copy /Y C:\temp\payload.exe C:\ProgramData\folder\Update\weakpermissionfile.exe ( replace weak permission file with malicious file )
|
||||
|
||||
Upon execution, open the weak permission file at %temp%\ T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\ T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
Upon execution, open the weak permission file at %temp%\T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
@@ -30303,7 +30303,7 @@ defense-evasion:
|
||||
weak_permission_file:
|
||||
description: check weak files permission
|
||||
type: path
|
||||
default: "$env:TEMP\\ T1574.010_weak_permission_file.txt"
|
||||
default: "$env:TEMP\\T1574.010_weak_permission_file.txt"
|
||||
dependency_executor_name: powershell
|
||||
dependencies:
|
||||
- description: A file must exist on disk at specified location (#{weak_permission_file})
|
||||
|
||||
@@ -16,8 +16,8 @@ This test to show checking file system permissions weakness and which can lead t
|
||||
powershell -c "Get-WmiObject win32_service | select PathName" (check service file location) and
|
||||
copy /Y C:\temp\payload.exe C:\ProgramData\folder\Update\weakpermissionfile.exe ( replace weak permission file with malicious file )
|
||||
|
||||
Upon execution, open the weak permission file at %temp%\ T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\ T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
Upon execution, open the weak permission file at %temp%\T1574.010_weak_permission_file.txt and verify that it's contents read " T1574.010 Malicious file". To verify
|
||||
the weak file permissions, open File Explorer to%temp%\T1574.010_weak_permission_file.exe then open Properties and Security to view the Full Control permission is enabled.
|
||||
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
@@ -28,7 +28,7 @@ the weak file permissions, open File Explorer to%temp%\ T1574.010_weak_permissio
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| malicious_file | File to replace weak permission file with | path | $env:TEMP\ T1574.010\ T1574.010_malicious_file.txt|
|
||||
| weak_permission_file | check weak files permission | path | $env:TEMP\ T1574.010_weak_permission_file.txt|
|
||||
| weak_permission_file | check weak files permission | path | $env:TEMP\T1574.010_weak_permission_file.txt|
|
||||
|
||||
|
||||
#### Attack Commands: Run with `powershell`!
|
||||
|
||||
Reference in New Issue
Block a user