Generate docs from job=validate_atomics_generate_docs branch=master

2020-07-20 16:17:21 +00:00
parent 4836bfd525
commit 5c7b60b218
7 changed files with 70 additions and 4 deletions
@@ -114,6 +114,7 @@ persistence,T1136.001,Local Account,2,Create a user account on a MacOS system,01
 persistence,T1136.001,Local Account,3,Create a new user in a command prompt,6657864e-0323-4206-9344-ac9cd7265a4f,command_prompt
 persistence,T1136.001,Local Account,4,Create a new user in PowerShell,bc8be0ac-475c-4fbf-9b1d-9fffd77afbde,powershell
 persistence,T1136.001,Local Account,5,Create a new user in Linux with `root` UID and GID.,a1040a30-d28b-4eda-bd99-bb2861a4616c,bash
+persistence,T1136.001,Local Account,6,Create a new Windows admin user,fda74566-a604-4581-a4cc-fbbe21d66559,command_prompt
 persistence,T1037.002,Logon Script (Mac),1,Logon Scripts - Mac,f047c7de-a2d9-406e-a62b-12a09d9516f4,manual
 persistence,T1037.001,Logon Script (Windows),1,Logon Scripts,d6042746-07d4-4c92-9ad8-e644c114a231,command_prompt
 persistence,T1546.007,Netsh Helper DLL,1,Netsh Helper DLL Registration,3244697d-5a3a-4dfc-941c-550f69f91a4d,command_prompt
@@ -211,6 +211,7 @@ persistence,T1546.012,Image File Execution Options Injection,1,IFEO Add Debugger
 persistence,T1546.012,Image File Execution Options Injection,2,IFEO Global Flags,46b1f278-c8ee-4aa5-acce-65e77b11f3c1,command_prompt
 persistence,T1136.001,Local Account,3,Create a new user in a command prompt,6657864e-0323-4206-9344-ac9cd7265a4f,command_prompt
 persistence,T1136.001,Local Account,4,Create a new user in PowerShell,bc8be0ac-475c-4fbf-9b1d-9fffd77afbde,powershell
+persistence,T1136.001,Local Account,6,Create a new Windows admin user,fda74566-a604-4581-a4cc-fbbe21d66559,command_prompt
 persistence,T1037.001,Logon Script (Windows),1,Logon Scripts,d6042746-07d4-4c92-9ad8-e644c114a231,command_prompt
 persistence,T1546.007,Netsh Helper DLL,1,Netsh Helper DLL Registration,3244697d-5a3a-4dfc-941c-550f69f91a4d,command_prompt
 persistence,T1574.009,Path Interception by Unquoted Path,1,Execution of program.exe as service with unquoted service path,2770dea7-c50f-457b-84c4-c40a47460d9f,command_prompt
@@ -253,6 +253,7 @@
  - Atomic Test #3: Create a new user in a command prompt [windows]
  - Atomic Test #4: Create a new user in PowerShell [windows]
  - Atomic Test #5: Create a new user in Linux with `root` UID and GID. [linux]
+  - Atomic Test #6: Create a new Windows admin user [windows]
 - T1078.003 Local Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1037.002 Logon Script (Mac)](../../T1037.002/T1037.002.md)
  - Atomic Test #1: Logon Scripts - Mac [macos]
@@ -416,6 +416,7 @@
 - [T1136.001 Local Account](../../T1136.001/T1136.001.md)
  - Atomic Test #3: Create a new user in a command prompt [windows]
  - Atomic Test #4: Create a new user in PowerShell [windows]
+  - Atomic Test #6: Create a new Windows admin user [windows]
 - T1078.003 Local Accounts [CONTRIBUTE A TEST](https://atomicredteam.io/contributing)
 - [T1037.001 Logon Script (Windows)](../../T1037.001/T1037.001.md)
  - Atomic Test #1: Logon Scripts [windows]
@@ -11955,15 +11955,39 @@ persistence:
          type: String
          default: BetterWithButter
      executor:
-        command: "useradd -g 0 -M -d /root -s /bin/bash #{username}\nif [ $(cat /etc/os-release
-          | grep -i 'Name=\"ubuntu\"') ]; then echo \"#{username}:#{password}\" |
-          sudo chpasswd; else echo \"#{password}\" | passwd --stdin #{username}; fi;
-          \     \n"
+        command: |
+          useradd -g 0 -M -d /root -s /bin/bash #{username}
+          if [ $(cat /etc/os-release | grep -i 'Name="ubuntu"') ]; then echo "#{username}:#{password}" | sudo chpasswd; else echo "#{password}" | passwd --stdin #{username}; fi;
        cleanup_command: 'userdel #{username}

 '
        name: bash
        elevation_required: true
+    - name: Create a new Windows admin user
+      auto_generated_guid: fda74566-a604-4581-a4cc-fbbe21d66559
+      description: 'Creates a new admin user in a command prompt.
+
+'
+      supported_platforms:
+      - windows
+      input_arguments:
+        username:
+          description: Username of the user to create
+          type: String
+          default: T1136.001_Admin
+        password:
+          description: Password of the user to create
+          type: String
+          default: T1136_pass
+      executor:
+        command: |
+          net user /add "#{username}" "#{password}"
+          net localgroup administrators "#{username}" /add
+        cleanup_command: 'net user /del "#{username}" >nul 2>&1
+
+'
+        name: command_prompt
+        elevation_required: true
  T1078.003:
    technique:
      external_references:
@@ -16,6 +16,8 @@ Such accounts may be used to establish secondary credentialed access that do not

 - [Atomic Test #5 - Create a new user in Linux with `root` UID and GID.](#atomic-test-5---create-a-new-user-in-linux-with-root-uid-and-gid)

+- [Atomic Test #6 - Create a new Windows admin user](#atomic-test-6---create-a-new-windows-admin-user)
+

 <br/>

@@ -192,4 +194,39 @@ userdel #{username}



+<br/>
+<br/>
+
+## Atomic Test #6 - Create a new Windows admin user
+Creates a new admin user in a command prompt.
+
+**Supported Platforms:** Windows
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value | 
+|------|-------------|------|---------------|
+| username | Username of the user to create | String | T1136.001_Admin|
+| password | Password of the user to create | String | T1136_pass|
+
+
+#### Attack Commands: Run with `command_prompt`!  Elevation Required (e.g. root or admin) 
+
+
+```cmd
+net user /add "#{username}" "#{password}"
+net localgroup administrators "#{username}" /add
+```
+
+#### Cleanup Commands:
+```cmd
+net user /del "#{username}" >nul 2>&1
+```
+
+
+
+
+
 <br/>
@@ -553,3 +553,4 @@ a90c2f4d-6726-444e-99d2-a00cd7c20480
 d696a3cb-d7a8-4976-8eb5-5af4abf2e3df
 efe86d95-44c4-4509-ae42-7bfd9d1f5b3d
 7382a43e-f19c-46be-8f09-5c63af7d3e2b
+fda74566-a604-4581-a4cc-fbbe21d66559