From 4aec314bf099ce7aafeefa26481fc09e48db4ccb Mon Sep 17 00:00:00 2001
From: Atomic Red Team doc generator
Date: Mon, 29 Aug 2022 16:24:25 +0000
Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip]

---
 atomics/Indexes/index.yaml | 20 ++++++++++----------
 atomics/T1105/T1105.md | 18 +++++++++---------
 2 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 42c48b68..8ba6362c 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -92869,34 +92869,34 @@ command-and-control: description: URL of file to copy type: Url default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt - local_path: - description: Local path to place file - type: Path - default: Atomic-license.txt destination_path: description: Destination path to file type: Path default: "$env:TEMP\\Atomic-license.txt" + local_nimgrab: + description: Local path to nimgrab + type: Path + default: "$env:TEMP\\nimgrab.exe" executor: - command: 'cmd /c nimgrab.exe #{remote_file} #{local_path} + command: 'cmd /c nimgrab.exe #{remote_file} #{destination_path} ' - cleanup_command: 'del #{local_path} >nul 2>&1 + cleanup_command: 'del #{destination_path} >nul 2>&1 ' name: command_prompt + dependency_executor_name: powershell dependencies: - description: 'NimGrab must be installed on system. ' - prereq_command: 'if (Test-Path "$env:temp\nimgrab.exe") {exit 0} else {exit - 1} + prereq_command: 'if (Test-Path "#{local_nimgrab}") {exit 0} else {exit 1} ' get_prereq_command: | Invoke-WebRequest "https://nim-lang.org/download/nim-1.6.6_x64.zip" -Outfile $env:temp\nim.zip - Expand-Archive -Path $env:temp\nim.zip -DestinationPath $env:temp\nim - Copy-Item $env:temp\nim\nim-1.6.6\bin\nimgrab.exe #{destination_path} + Expand-Archive -Path $env:temp\nim.zip -DestinationPath $env:temp\nim -Force + Copy-Item $env:temp\nim\nim-1.6.6\bin\nimgrab.exe #{local_nimgrab} Remove-Item $env:temp\nim Remove-Item $env:temp\nim.zip T1001.002: diff --git a/atomics/T1105/T1105.md b/atomics/T1105/T1105.md index da9cda05..52dc43ca 100644 --- a/atomics/T1105/T1105.md +++ b/atomics/T1105/T1105.md 
@@ -1232,35 +1232,35 @@ Use nimgrab.exe to download a file from the web. | Name | Description | Type | Default Value | |------|-------------|------|---------------| | remote_file | URL of file to copy | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/LICENSE.txt| -| local_path | Local path to place file | Path | Atomic-license.txt| | destination_path | Destination path to file | Path | $env:TEMP\Atomic-license.txt| +| local_nimgrab | Local path to nimgrab | Path | $env:TEMP\nimgrab.exe| #### Attack Commands: Run with `command_prompt`! ```cmd -cmd /c nimgrab.exe #{remote_file} #{local_path} +cmd /c nimgrab.exe #{remote_file} #{destination_path} ``` #### Cleanup Commands: ```cmd -del #{local_path} >nul 2>&1 +del #{destination_path} >nul 2>&1 ``` -#### Dependencies: Run with `command_prompt`! +#### Dependencies: Run with `powershell`! ##### Description: NimGrab must be installed on system. ##### Check Prereq Commands: -```cmd -if (Test-Path "$env:temp\nimgrab.exe") {exit 0} else {exit 1} +```powershell +if (Test-Path "#{local_nimgrab}") {exit 0} else {exit 1} ``` ##### Get Prereq Commands: -```cmd +```powershell Invoke-WebRequest "https://nim-lang.org/download/nim-1.6.6_x64.zip" -Outfile $env:temp\nim.zip -Expand-Archive -Path $env:temp\nim.zip -DestinationPath $env:temp\nim -Copy-Item $env:temp\nim\nim-1.6.6\bin\nimgrab.exe #{destination_path} +Expand-Archive -Path $env:temp\nim.zip -DestinationPath $env:temp\nim -Force +Copy-Item $env:temp\nim\nim-1.6.6\bin\nimgrab.exe #{local_nimgrab} Remove-Item $env:temp\nim Remove-Item $env:temp\nim.zip ```