From c7cfd2cac04110eb866cb70dd4ec6d9299966404 Mon Sep 17 00:00:00 2001
From: CircleCI Atomic Red Team doc generator
Date: Wed, 5 Jan 2022 21:42:39 +0000
Subject: [PATCH] Generate docs from job=generate_and_commit_guids_and_docs branch=master [skip ci]
---
 atomics/Indexes/index.yaml | 4 ++--
 atomics/T1003.003/T1003.003.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
index 853098d0..ed3cde00 100644
--- a/atomics/Indexes/index.yaml
+++ b/atomics/Indexes/index.yaml
@@ -4297,9 +4297,9 @@ credential-access:
 drive_letter:
 description: Drive letter to source VSC (including colon)
 type: String
- default: 'C:'
+ default: C:\
 executor:
- command: "(gwmi -list win32_shadowcopy).Create(#{drive_letter},'ClientAccessible')\n"
+ command: "(gwmi -list win32_shadowcopy).Create('#{drive_letter}','ClientAccessible')\n"
 name: powershell
 elevation_required: true
 - name: Create Symlink to Volume Shadow Copy
diff --git a/atomics/T1003.003/T1003.003.md b/atomics/T1003.003/T1003.003.md
index e216fd17..538f34a2 100644
--- a/atomics/T1003.003/T1003.003.md
+++ b/atomics/T1003.003/T1003.003.md
@@ -323,14 +323,14 @@ The Active Directory database NTDS.dit may be dumped by copying it from a Volume
 #### Inputs:
 | Name | Description | Type | Default Value |
 |------|-------------|------|---------------|
-| drive_letter | Drive letter to source VSC (including colon) | String | C:|
+| drive_letter | Drive letter to source VSC (including colon) | String | C:\|
 #### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin)
 ```powershell
-(gwmi -list win32_shadowcopy).Create(#{drive_letter},'ClientAccessible')
+(gwmi -list win32_shadowcopy).Create('#{drive_letter}','ClientAccessible')
 ```