security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #401 from redcanaryco/clean-up-csmith

Browse Source 
fix-executor
This commit is contained in:
Keith McCammon
2018-11-11 18:18:48 -07:00
committed by GitHub
parent 7074c68b8d f48234fc7f
commit 53b39e11fe
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1086/T1086.md
+1 -1
View File
@@ -147,7 +147,7 @@ Using PS 5.1, add a user via CLI
| password | password to use | string | ATOM1CR3DT3@M|
| description | Brief description of account | string | Atomic Things|
#### Run it with `command_prompt`!
#### Run it with `powershell`!
```
New-LocalUser -FullName '#{full_name}' -Name '#{user_name}' -Password #{password} -Description '#{description}'
```
atomics/T1086/T1086.yaml
+2 -2
View File
@@ -112,7 +112,7 @@ atomic_tests:
type: string
default: Atomic Things
executor:
name: command_prompt
name: powershell
command: |
New-LocalUser -FullName '#{full_name}' -Name '#{user_name}' -Password #{password} -Description '#{description}'
@@ -199,4 +199,4 @@ atomic_tests:
name: command_prompt
command: |
reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJyVTeXN0ZW1Sb290JS9UZW1wL2FydC1tYXJrZXIudHh0JyAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI="
powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))
powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))
atomics/index.yaml
+2 -2
View File
@@ -13770,7 +13770,7 @@ execution:
type: string
default: Atomic Things
executor:
name: command_prompt
name: powershell
command: 'New-LocalUser -FullName ''#{full_name}'' -Name ''#{user_name}''
-Password #{password} -Description ''#{description}''
@@ -13848,7 +13848,7 @@ execution:
- windows
executor:
name: command_prompt
command: |-
command: |
reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJyVTeXN0ZW1Sb290JS9UZW1wL2FydC1tYXJrZXIudHh0JyAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI="
powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART)))
T1121: