From 11b85d559697480f36339d7929a789b801af7b1c Mon Sep 17 00:00:00 2001 From: caseysmithrc <30840394+caseysmithrc@users.noreply.github.com> Date: Sat, 10 Nov 2018 15:53:55 -0700 Subject: [PATCH 1/2] fix-executor --- atomics/T1086/T1086.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/atomics/T1086/T1086.yaml b/atomics/T1086/T1086.yaml index 94d2dad9..c03f794e 100644 --- a/atomics/T1086/T1086.yaml +++ b/atomics/T1086/T1086.yaml @@ -112,7 +112,7 @@ atomic_tests: type: string default: Atomic Things executor: - name: command_prompt + name: powershell command: | New-LocalUser -FullName '#{full_name}' -Name '#{user_name}' -Password #{password} -Description '#{description}' @@ -199,4 +199,4 @@ atomic_tests: name: command_prompt command: | reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJyVTeXN0ZW1Sb290JS9UZW1wL2FydC1tYXJrZXIudHh0JyAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=" - powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART))) \ No newline at end of file + powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART))) From f48234fc7f24a295a1faf7ae960c996242955063 Mon Sep 17 00:00:00 2001 From: CircleCI Atomic Red Team doc generator Date: Sat, 10 Nov 2018 22:54:09 +0000 Subject: [PATCH 2/2] Generate docs from job=validate_atomics_generate_docs branch=clean-up-csmith --- atomics/T1086/T1086.md | 2 +- atomics/index.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/atomics/T1086/T1086.md b/atomics/T1086/T1086.md index 2202125a..a6065c75 100644 --- a/atomics/T1086/T1086.md +++ b/atomics/T1086/T1086.md 
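Review bot: `New-LocalUser` declares `-Password` as a SecureString, so even with the executor switched to `powershell` the command in the first T1086.yaml hunk still passes the raw `#{password}` text. Parameter binding will most likely fail before the account is created, so the test would not produce the account-creation telemetry it exists to exercise. Convert the argument first, for example `-Password (ConvertTo-SecureString '#{password}' -AsPlainText -Force)`. The rest of this test's definition lies outside the hunk, so I cannot tell whether a cleanup step exists. If there is none, the account would stay on the test host with a default password published in the repo, and should be removed after the run.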
@@ -147,7 +147,7 @@ Using PS 5.1, add a user via CLI | password | password to use | string | ATOM1CR3DT3@M| | description | Brief description of account | string | Atomic Things| -#### Run it with `command_prompt`! +#### Run it with `powershell`! ``` New-LocalUser -FullName '#{full_name}' -Name '#{user_name}' -Password #{password} -Description '#{description}' ``` diff --git a/atomics/index.yaml b/atomics/index.yaml index 545c4b6a..34c3d2f2 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -13773,7 +13773,7 @@ execution: type: string default: Atomic Things executor: - name: command_prompt + name: powershell command: 'New-LocalUser -FullName ''#{full_name}'' -Name ''#{user_name}'' -Password #{password} -Description ''#{description}'' @@ -13851,7 +13851,7 @@ execution: - windows executor: name: command_prompt - command: |- + command: | reg.exe add "HKEY_CURRENT_USER\Software\Classes\AtomicRedTeam" /v ART /t REG_SZ /d "U2V0LUNvbnRlbnQgLXBhdGggJyVTeXN0ZW1Sb290JS9UZW1wL2FydC1tYXJrZXIudHh0JyAtdmFsdWUgIkhlbGxvIGZyb20gdGhlIEF0b21pYyBSZWQgVGVhbSI=" powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\AtomicRedTeam').ART))) T1121: