Added RemCom to execute a command on a remote host (#2380)

* Added RemCom to execute a command on a remote host * Update T1569.002.yaml --------- Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-03-20 12:38:17 -07:00
parent 62307f5d7b
commit 29063f5306
1 changed files with 37 additions and 0 deletions
@@ -140,3 +140,40 @@ atomic_tests:
      rm $env:temp\psexec.exe
    name: powershell
    elevation_required: true
+    
+- name: Use RemCom to execute a command on a remote host
+  description: |
+    Requires having RemCom installed, path to RemCom is one of the input input_arguments
+    Will start a process on a remote host.
+    Upon successful execution, cmd will utilize RemCom.exe to spawn calc.exe on a remote endpoint (default:localhost).
+  supported_platforms:
+  - windows
+  input_arguments:
+    remote_host:
+      description: Remote hostname or IP address
+      type: string
+      default: localhost
+    user_name:
+      description: Username
+      type: string
+      default: Administrator
+    password:
+      description: Password
+      type: string
+      default: P@ssw0rd1
+    remcom_exe:
+      description: Path to RemCom
+      type: string
+      default: $pathtoatomicsfolder\T1569.002\bin\remcom.exe
+  dependency_executor_name: powershell
+  dependencies:
+  - description: |
+      RemCom tool must exist on disk at specified location (#{remcom_exe})
+    prereq_command: |
+      if (Test-Path "#{remcom_exe}") { exit 0} else { exit 1}
+    get_prereq_command: |
+      Invoke-WebRequest "https://github.com/kavika13/RemCom/raw/master/bin/Release/RemCom.exe" -OutFile "#{remcom_exe}"
+  executor:
+    command: |
+      "#{remcom_exe}" \\#{remote_host} /user:#{user_name} /pwd:#{password} cmd.exe
+    name: command_prompt