diff --git a/atomics/T1220/T1220.md b/atomics/T1220/T1220.md index b2b3e420..dcc29282 100644 --- a/atomics/T1220/T1220.md +++ b/atomics/T1220/T1220.md @@ -37,8 +37,8 @@ Executes the code specified within a XSL script tag during XSL transformation us #### Inputs | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| xmlfile | Location of the test XML file on the local filesystem. | Path | C:\AtomicRedTeam\atomics\T1220\src\msxsl-xmlfile.xml| -| xslfile | Location of the test XSL script file on the local filesystem. | Path | C:\AtomicRedTeam\atomics\T1220\src\msxsl-script.xsl| +| xmlfile | Location of the test XML file on the local filesystem. | Path | C:\AtomicRedTeam\atomics\T1220\src\msxslxmlfile.xml| +| xslfile | Location of the test XSL script file on the local filesystem. | Path | C:\AtomicRedTeam\atomics\T1220\src\msxslscript.xsl| #### Run it with `command_prompt`! ``` @@ -56,8 +56,8 @@ Executes the code specified within a XSL script tag during XSL transformation us #### Inputs | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| xmlfile | Remote location (URL) of the test XML file. | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-xmlfile.xml| -| xslfile | Remote location (URL) of the test XSL script file. | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-script.xsl| +| xmlfile | Remote location (URL) of the test XML file. | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml| +| xslfile | Remote location (URL) of the test XSL script file. | Url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl| #### Run it with `command_prompt`! ``` @@ -76,7 +76,7 @@ Executes the code specified within a XSL script using a local payload. | Name | Description | Type | Default Value | |------|-------------|------|---------------| | wmic_command | WMI command to execute using wmic.exe | string | process list| -| local_xsl_file | Location of the test XSL script file on the local filesystem. | path | C:\AtomicRedTeam\atomics\T1220\src\wmic-script.xsl| +| local_xsl_file | Location of the test XSL script file on the local filesystem. | path | C:\AtomicRedTeam\atomics\T1220\src\wmicscript.xsl| #### Run it with `command_prompt`! ``` @@ -95,7 +95,7 @@ Executes the code specified within a XSL script using a remote payload. | Name | Description | Type | Default Value | |------|-------------|------|---------------| | wmic_command | WMI command to execute using wmic.exe | string | process list| -| remote_xsl_file | Remote location of an XSL payload. | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmic-script.xsl| +| remote_xsl_file | Remote location of an XSL payload. | url | https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl| #### Run it with `command_prompt`! ``` diff --git a/atomics/T1220/T1220.yaml b/atomics/T1220/T1220.yaml index f30a483d..5cb172f9 100644 --- a/atomics/T1220/T1220.yaml +++ b/atomics/T1220/T1220.yaml @@ -12,11 +12,11 @@ atomic_tests: xmlfile: description: Location of the test XML file on the local filesystem. type: Path - default: C:\AtomicRedTeam\atomics\T1220\src\msxsl-xmlfile.xml + default: C:\AtomicRedTeam\atomics\T1220\src\msxslxmlfile.xml xslfile: description: Location of the test XSL script file on the local filesystem. type: Path - default: C:\AtomicRedTeam\atomics\T1220\src\msxsl-script.xsl + default: C:\AtomicRedTeam\atomics\T1220\src\msxslscript.xsl executor: name: command_prompt command: | @@ -31,11 +31,11 @@ atomic_tests: xmlfile: description: Remote location (URL) of the test XML file. type: Url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-xmlfile.xml + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml xslfile: description: Remote location (URL) of the test XSL script file. type: Url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-script.xsl + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl executor: name: command_prompt command: | @@ -54,7 +54,7 @@ atomic_tests: local_xsl_file: description: Location of the test XSL script file on the local filesystem. type: path - default: C:\AtomicRedTeam\atomics\T1220\src\wmic-script.xsl + default: C:\AtomicRedTeam\atomics\T1220\src\wmicscript.xsl executor: name: command_prompt command: | @@ -73,7 +73,7 @@ atomic_tests: remote_xsl_file: description: Remote location of an XSL payload. type: url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmic-script.xsl + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl executor: name: command_prompt command: | diff --git a/atomics/T1220/src/msxsl-script.xsl b/atomics/T1220/src/msxslscript.xsl similarity index 100% rename from atomics/T1220/src/msxsl-script.xsl rename to atomics/T1220/src/msxslscript.xsl diff --git a/atomics/T1220/src/msxsl-xmlfile.xml b/atomics/T1220/src/msxslxmlfile.xml similarity index 100% rename from atomics/T1220/src/msxsl-xmlfile.xml rename to atomics/T1220/src/msxslxmlfile.xml diff --git a/atomics/T1220/src/wmic-script.xsl b/atomics/T1220/src/wmicscript.xsl similarity index 100% rename from atomics/T1220/src/wmic-script.xsl rename to atomics/T1220/src/wmicscript.xsl diff --git a/atomics/index.yaml b/atomics/index.yaml index f96f49d6..43e55161 100644 --- a/atomics/index.yaml +++ b/atomics/index.yaml @@ -9184,11 +9184,11 @@ defense-evasion: xmlfile: description: Location of the test XML file on the local filesystem. type: Path - default: C:\AtomicRedTeam\atomics\T1220\src\msxsl-xmlfile.xml + default: C:\AtomicRedTeam\atomics\T1220\src\msxslxmlfile.xml xslfile: description: Location of the test XSL script file on the local filesystem. type: Path - default: C:\AtomicRedTeam\atomics\T1220\src\msxsl-script.xsl + default: C:\AtomicRedTeam\atomics\T1220\src\msxslscript.xsl executor: name: command_prompt command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} @@ -9206,11 +9206,11 @@ defense-evasion: xmlfile: description: Remote location (URL) of the test XML file. type: Url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-xmlfile.xml + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml xslfile: description: Remote location (URL) of the test XSL script file. type: Url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-script.xsl + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl executor: name: command_prompt command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} @@ -9231,7 +9231,7 @@ defense-evasion: local_xsl_file: description: Location of the test XSL script file on the local filesystem. type: path - default: C:\AtomicRedTeam\atomics\T1220\src\wmic-script.xsl + default: C:\AtomicRedTeam\atomics\T1220\src\wmicscript.xsl executor: name: command_prompt command: 'wmic.exe #{wmic_command} /FORMAT:#{local_xsl_file} @@ -9252,7 +9252,7 @@ defense-evasion: remote_xsl_file: description: Remote location of an XSL payload. type: url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmic-script.xsl + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl executor: name: command_prompt command: 'wmic.exe #{wmic_command} /FORMAT:#{remote_xsl_file} @@ -17318,11 +17318,11 @@ execution: xmlfile: description: Location of the test XML file on the local filesystem. type: Path - default: C:\AtomicRedTeam\atomics\T1220\src\msxsl-xmlfile.xml + default: C:\AtomicRedTeam\atomics\T1220\src\msxslxmlfile.xml xslfile: description: Location of the test XSL script file on the local filesystem. type: Path - default: C:\AtomicRedTeam\atomics\T1220\src\msxsl-script.xsl + default: C:\AtomicRedTeam\atomics\T1220\src\msxslscript.xsl executor: name: command_prompt command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} @@ -17340,11 +17340,11 @@ execution: xmlfile: description: Remote location (URL) of the test XML file. type: Url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-xmlfile.xml + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslxmlfile.xml xslfile: description: Remote location (URL) of the test XSL script file. type: Url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxsl-script.xsl + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/msxslscript.xsl executor: name: command_prompt command: 'C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile} @@ -17365,7 +17365,7 @@ execution: local_xsl_file: description: Location of the test XSL script file on the local filesystem. type: path - default: C:\AtomicRedTeam\atomics\T1220\src\wmic-script.xsl + default: C:\AtomicRedTeam\atomics\T1220\src\wmicscript.xsl executor: name: command_prompt command: 'wmic.exe #{wmic_command} /FORMAT:#{local_xsl_file} @@ -17386,7 +17386,7 @@ execution: remote_xsl_file: description: Remote location of an XSL payload. type: url - default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmic-script.xsl + default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1220/src/wmicscript.xsl executor: name: command_prompt command: 'wmic.exe #{wmic_command} /FORMAT:#{remote_xsl_file}