T1010 App Window Discovery with C# (#429)

2018-12-13 10:07:08 -06:00
parent 8243dfedec
commit 0779b60397
2 changed files with 71 additions and 0 deletions
@@ -0,0 +1,27 @@
+---
+attack_technique: T1010
+display_name: Application Window Discovery
+
+atomic_tests:
+- name: List Process Main Windows - C# .NET
+  description: |
+    Compiles and executes C# code to list main window titles associated with each process.
+
+  supported_platforms:
+    - windows
+
+  input_arguments:
+    input_source_code:
+      description: Path to source of C# code
+      type: path
+      default: C:\AtomicRedTeam\atomics\T1010\src\T1010.cs
+    output_file_name:
+      description: Name of output binary
+      type: string
+      default: T1010.exe
+
+  executor:
+    name: command_prompt
+    command: |
+      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe -out:#{output_file_name} #{input_source_code}
+      #{output_file_name}
@@ -0,0 +1,44 @@
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+
+/*
+Author: Tony Lambert, Twitter: @ForensicITGuy
+License: MIT License
+Step One:
+C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe T1010.cs
+Step Two:
+T1010.exe
+*/
+
+namespace WindowLister
+{
+    class Lister 
+    {
+        static List<string> ListMainWindowTitles()
+        {
+            List<string> windowTitlesList = new List<string>();
+
+            Process[] processlist = Process.GetProcesses();
+
+            foreach (Process process in processlist)
+            {
+                string titleOutputLine;
+
+                if (!String.IsNullOrEmpty(process.MainWindowTitle))
+                {
+                    titleOutputLine = "Process: " + process.ProcessName + " ID: " + process.Id + " Main Window title: " + process.MainWindowTitle;
+                    windowTitlesList.Add(titleOutputLine);
+                }
+            }
+
+            return windowTitlesList;
+        }
+
+        static void Main(string[] args) 
+        {
+            List<string> windowTitlesList = ListMainWindowTitles();
+            windowTitlesList.ForEach(i => Console.Write("{0}\n", i));
+        }
+    }
+}