Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]

2021-10-08 02:02:54 +00:00
parent e3b1ecdae4
commit 985f0a446a
2 changed files with 28 additions and 7 deletions
@@ -38716,12 +38716,10 @@ defense-evasion:
    atomic_tests:
    - name: MSXSL Bypass using local files
      auto_generated_guid: ca23bfb2-023f-49c5-8802-e66997de462d
-      description: 'Executes the code specified within a XSL script tag during XSL
-        transformation using a local payload. Requires download of MSXSL from Microsoft
-        at https://www.microsoft.com/en-us/download/details.aspx?id=21714. Open Calculator.exe
-        when test sucessfully executed, while AV turned off.
-
-'
+      description: "Executes the code specified within a XSL script tag during XSL
+        transformation using a local payload. \nRequires download of MSXSL from Microsoft
+        (Available via Internet Archive https://web.archive.org/web/20200825011623/https://www.microsoft.com/en-us/download/details.aspx?id=21714
+        ). \nOpen Calculator.exe when test sucessfully executed, while AV turned off.\n"
      supported_platforms:
      - windows
      input_arguments:
@@ -38753,6 +38751,16 @@ defense-evasion:
        get_prereq_command: |
          New-Item -Type Directory (split-path #{xslfile}) -ErrorAction ignore | Out-Null
          Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/msxslscript.xsl" -OutFile "#{xslfile}"
+      - description: 'msxsl.exe must exist on disk at specified location (#{msxsl_exe})
+
+'
+        prereq_command: 'if (Test-Path #{msxsl_exe}) {exit 0} else {exit 1}
+
+'
+        get_prereq_command: |
+          Invoke-WebRequest "https://web.archive.org/web/20200803205229/https://download.microsoft.com/download/f/2/6/f263ac46-1fe9-4ae9-8fd3-21102100ebf5/msxsl.exe" -OutFile "$env:TEMP\msxsl.exe"
+          Copy-Item $env:TEMP\msxsl.exe #{msxsl_exe} -Force
+          Remove-Item $env:TEMP\msxsl.exe
      executor:
        command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile}

@@ -31,7 +31,9 @@ Command-line examples:(Citation: XSL Bypass Mar 2019)(Citation: LOLBAS Wmic)
 <br/>

 ## Atomic Test #1 - MSXSL Bypass using local files
-Executes the code specified within a XSL script tag during XSL transformation using a local payload. Requires download of MSXSL from Microsoft at https://www.microsoft.com/en-us/download/details.aspx?id=21714. Open Calculator.exe when test sucessfully executed, while AV turned off.
+Executes the code specified within a XSL script tag during XSL transformation using a local payload. 
+Requires download of MSXSL from Microsoft (Available via Internet Archive https://web.archive.org/web/20200825011623/https://www.microsoft.com/en-us/download/details.aspx?id=21714 ). 
+Open Calculator.exe when test sucessfully executed, while AV turned off.

 **Supported Platforms:** Windows

@@ -80,6 +82,17 @@ if (Test-Path #{xslfile}) {exit 0} else {exit 1}
 New-Item -Type Directory (split-path #{xslfile}) -ErrorAction ignore | Out-Null
 Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1220/src/msxslscript.xsl" -OutFile "#{xslfile}"
 ```
+##### Description: msxsl.exe must exist on disk at specified location (#{msxsl_exe})
+##### Check Prereq Commands:
+```powershell
+if (Test-Path #{msxsl_exe}) {exit 0} else {exit 1}
+```
+##### Get Prereq Commands:
+```powershell
+Invoke-WebRequest "https://web.archive.org/web/20200803205229/https://download.microsoft.com/download/f/2/6/f263ac46-1fe9-4ae9-8fd3-21102100ebf5/msxsl.exe" -OutFile "$env:TEMP\msxsl.exe"
+Copy-Item $env:TEMP\msxsl.exe #{msxsl_exe} -Force
+Remove-Item $env:TEMP\msxsl.exe
+```