From b22483e2f1ad7b38368c417dbcc614f6ff22792c Mon Sep 17 00:00:00 2001
From: bmorgan-code
Date: Wed, 13 Nov 2019 17:41:46 -0600
Subject: [PATCH] T1090 add proxy reg key (#653)

Adds a registry key to set up a proxy on the endpoint at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4
---
 atomics/T1090/T1090.yaml | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/atomics/T1090/T1090.yaml b/atomics/T1090/T1090.yaml
index 2c20eda3..aaa6e534 100644
--- a/atomics/T1090/T1090.yaml
+++ b/atomics/T1090/T1090.yaml
@@ -30,4 +30,34 @@ atomic_tests:
 export #{proxy_scheme}_proxy=#{proxy_server}
 cleanup_command: |
 unset http_proxy
- unset https_proxy
\ No newline at end of file
+ unset https_proxy
+
+- name: portproxy reg key
+ description: |
+ Adds a registry key to set up a proxy on the endpoint at
+ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy\v4tov4
+
+ supported_platforms:
+ - windows
+
+ input_arguments:
+ listenport:
+ description: Specifies the IPv4 port, by port number or service name, on which to listen.
+ type: string
+ default: 1337
+
+ connectport:
+ description: Specifies the IPv4 port, by port number or service name, to which to connect. If connectport is not specified, the default is the value of listenport on the local computer.
+ type: string
+ default: 1337
+
+ connectaddress:
+ description: Specifies the IPv4 address to which to connect. Acceptable values are IP address, computer NetBIOS name, or computer DNS name. If an address is not specified, the default is the local computer.
+ type: string
+ default: 127.0.0.1
+
+ executor:
+ name: powershell
+ elevation_required: true
+ command: netsh interface portproxy add v4tov4 listenport=#{listenport} connectport=#{connectport} connectaddress=#{connectaddress}
+ cleanup_command: netsh interface portproxy delete v4tov4 listenport=#{listenport}
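Review bot: The `command` in the new `portproxy reg key` test calls `netsh interface portproxy add v4tov4` without a `listenaddress`, so the listener is presumably registered for every local IPv4 address, and with the `127.0.0.1` default for `connectaddress` a loopback-only service on the connect port stays reachable from the network until cleanup runs. For a test that only needs the `PortProxy\v4tov4` value to appear, pin the bind address in both lines: `command: netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=#{listenport} connectport=#{connectport} connectaddress=#{connectaddress}` and `cleanup_command: netsh interface portproxy delete v4tov4 listenaddress=127.0.0.1 listenport=#{listenport}`. The `listenport` and `connectport` defaults are declared `type: string` but written as bare `1337`, which YAML loads as an integer; `default: "1337"` keeps the declared type. The description could also state that the key is written by `netsh`, so a run produces a process-creation event as well as the registry write.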