From 3802eaffdf9f6ef78a7117e144f08cb2ac465a5b Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Wed, 19 Oct 2022 01:22:59 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 27 ++++++++++++++++++++++++++ atomics/T1105/T1105.md | 39 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 05974b47..c7d06cda 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -93930,6 +93930,15 @@ command-and-control: description: Path to the Batch script type: Path default: PathToAtomicsFolder\T1105\src\T1105.bat + dependency_executor_name: powershell + dependencies: + - description: "#{Path_to_file} must exist on system.\n" + prereq_command: 'if (Test-Path #{Path_to_file}) {exit 0} else {exit 1} + + ' + get_prereq_command: | + New-Item -Type Directory (split-path #{Path_to_file}) -ErrorAction ignore | Out-Null + Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/T1105.bat" -OutFile "#{Path_to_file}" executor: command: "#{Path_to_file} 1>NUL \n" cleanup_command: | @@ -94038,6 +94047,15 @@ command-and-control: description: Path to replace.exe type: Path default: C:\Windows\System32\replace.exe + dependency_executor_name: powershell + dependencies: + - description: "#{replace_cab} must exist on system.\n" + prereq_command: 'if (Test-Path #{replace_cab}) {exit 0} else {exit 1} + + ' + get_prereq_command: | + New-Item -Type Directory (split-path #{replace_cab}) -ErrorAction ignore | Out-Null + Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/redcanary.cab" -OutFile "#{replace_cab}" executor: command: | del %TEMP%\redcanary.cab >nul 2>&1 @@ -94099,6 +94117,15 @@ command-and-control: description: Full path to the VisualBasic downloading the file type: String default: PathToAtomicsFolder\T1105\src\T1105-download-file.vbs + dependency_executor_name: powershell + dependencies: + - description: "#{vbscript_file} must be exist on system.\n" + prereq_command: 'if (Test-Path #{vbscript_file}) {exit 0} else {exit 1} + + ' + get_prereq_command: | + New-Item -Type Directory (split-path #{vbscript_file}) -ErrorAction ignore | Out-Null + Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/T1105-download-file.vbs" -OutFile "#{vbscript_file}" executor: command: 'wscript.exe #{vbscript_file}' cleanup_command: del Atomic-License.txt >nul 2>&1 diff --git a/atomics/T1105/T1105.md b/atomics/T1105/T1105.md index 8085f3f6..25525863 100644 --- a/atomics/T1105/T1105.md +++ b/atomics/T1105/T1105.md @@ -901,6 +901,19 @@ rmdir /s/q %temp%\T1105 >nul 2>&1 +#### Dependencies: Run with `powershell`! +##### Description: #{Path_to_file} must exist on system. +##### Check Prereq Commands: +```powershell +if (Test-Path #{Path_to_file}) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +New-Item -Type Directory (split-path #{Path_to_file}) -ErrorAction ignore | Out-Null +Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/T1105.bat" -OutFile "#{Path_to_file}" +``` + +
@@ -1057,6 +1070,19 @@ del %TEMP%\redcanary.cab >nul 2>&1 +#### Dependencies: Run with `powershell`! +##### Description: #{replace_cab} must exist on system. +##### Check Prereq Commands: +```powershell +if (Test-Path #{replace_cab}) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +New-Item -Type Directory (split-path #{replace_cab}) -ErrorAction ignore | Out-Null +Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/redcanary.cab" -OutFile "#{replace_cab}" +``` + +
@@ -1172,6 +1198,19 @@ del Atomic-License.txt >nul 2>&1 +#### Dependencies: Run with `powershell`! +##### Description: #{vbscript_file} must be exist on system. +##### Check Prereq Commands: +```powershell +if (Test-Path #{vbscript_file}) {exit 0} else {exit 1} +``` +##### Get Prereq Commands: +```powershell +New-Item -Type Directory (split-path #{vbscript_file}) -ErrorAction ignore | Out-Null +Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1105/src/T1105-download-file.vbs" -OutFile "#{vbscript_file}" +``` + +