diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 5d4511b5..aa203176 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -35504,11 +35504,23 @@ discovery: name: powershell - name: Enumerate Users Not Requiring Pre Auth (ASRepRoast) auto_generated_guid: 870ba71e-6858-4f6d-895c-bb6237f6121b - description: | - When successful, accounts that do not require kerberos pre-auth will be returned - Requires the Active Directory module for powershell to be installed + description: 'When successful, accounts that do not require kerberos pre-auth + will be returned + +' supported_platforms: - windows + dependency_executor_name: powershell + dependencies: + - description: Computer must be domain joined. + prereq_command: if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) + {exit 0} else {exit 1} + get_prereq_command: Write-Host Joining this computer to a domain must be done + manually. + - description: Requires the Active Directory module for powershell to be installed. + prereq_command: if(Get-Module -ListAvailable -Name ActiveDirectory) {exit + 0} else {exit 1} + get_prereq_command: Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" executor: name: powershell elevation_required: false diff --git a/atomics/T1069.002/T1069.002.md b/atomics/T1069.002/T1069.002.md index 51805ac3..16975068 100644 --- a/atomics/T1069.002/T1069.002.md +++ b/atomics/T1069.002/T1069.002.md @@ -187,7 +187,6 @@ IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d29 ## Atomic Test #7 - Enumerate Users Not Requiring Pre Auth (ASRepRoast) When successful, accounts that do not require kerberos pre-auth will be returned -Requires the Active Directory module for powershell to be installed **Supported Platforms:** Windows @@ -205,6 +204,27 @@ get-aduser -f * -pr DoesNotRequirePreAuth | where {$_.DoesNotRequirePreAuth -eq +#### Dependencies: Run with `powershell`! +##### Description: Computer must be domain joined. +##### Check Prereq Commands: +```powershell +if((Get-CIMInstance -Class Win32_ComputerSystem).PartOfDomain) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Write-Host Joining this computer to a domain must be done manually. +``` +##### Description: Requires the Active Directory module for powershell to be installed. +##### Check Prereq Commands: +```powershell +if(Get-Module -ListAvailable -Name ActiveDirectory) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +Add-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0" +``` + +