diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 87949cff..1e8458bf 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -33153,6 +33153,14 @@ defense-evasion: description: Location of the project file type: Path default: PathToAtomicsFolder\T1127.001\src\T1127.001.csproj + msbuildpath: + description: Default location of MSBuild + type: Path + default: C:\Windows\Microsoft.NET\Framework\v4.0.30319 + msbuildname: + description: Default name of MSBuild + type: Path + default: msbuild.exe dependency_executor_name: powershell dependencies: - description: 'Project file must exist on disk at specified location (#{filename}) @@ -33165,9 +33173,7 @@ defense-evasion: New-Item -Type Directory (split-path #{filename}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/T1127.001.csproj" -OutFile "#{filename}" executor: - command: 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe #{filename} - -' + command: "#{msbuildpath}\\#{msbuildname} #{filename}\n" name: command_prompt T1134.003: technique: diff --git a/atomics/T1127.001/T1127.001.md b/atomics/T1127.001/T1127.001.md index 5be28313..3739b39d 100644 --- a/atomics/T1127.001/T1127.001.md +++ b/atomics/T1127.001/T1127.001.md @@ -23,13 +23,15 @@ Executes the code in a project file using. C# Example | Name | Description | Type | Default Value | |------|-------------|------|---------------| | filename | Location of the project file | Path | PathToAtomicsFolder\T1127.001\src\T1127.001.csproj| +| msbuildpath | Default location of MSBuild | Path | C:\Windows\Microsoft.NET\Framework\v4.0.30319| +| msbuildname | Default name of MSBuild | Path | msbuild.exe| #### Attack Commands: Run with `command_prompt`! ```cmd -C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe #{filename} +#{msbuildpath}\#{msbuildname} #{filename} ```