From db117e55cf82206caff1481dab45d96347b4fc7a Mon Sep 17 00:00:00 2001 From: Ryan <2059326+awsmhacks@users.noreply.github.com> Date: Thu, 15 Apr 2021 16:52:49 -0600 Subject: [PATCH] Update T1133.yaml (#1417) * Update T1133.yaml Wont need chrome on path, start-proc location was in x86? * remove program files ambiguity * put extensions ids back * Update T1133.yaml * Update T1133.yaml * Update T1133.yaml Co-authored-by: Carrie Roberts --- atomics/T1133/T1133.yaml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/atomics/T1133/T1133.yaml b/atomics/T1133/T1133.yaml index f6019a08..3e605b2f 100644 --- a/atomics/T1133/T1133.yaml +++ b/atomics/T1133/T1133.yaml @@ -7,10 +7,8 @@ atomic_tests: auto_generated_guid: 4c8db261-a58b-42a6-a866-0a294deedde4 description: | Running Chrome VPN Extensions via the Registry install 2 vpn extension, please see "T1133\src\list of vpn extension.txt" to view complete list - supported_platforms: - windows - input_arguments: chrome_url: description: chrome installer download URL 
@@ -21,28 +19,26 @@ atomic_tests: type: String default: | "fcfhplploccackoneaefokcmbjfbkenj", "fdcgdnkidjaadafnichfpabhfomcebme" - - dependency_executor_name: powershell # (optional) The executor for the prereq commands, defaults to the same executor used by the attack commands - dependencies: # (optional) + dependency_executor_name: powershell + dependencies: - description: | - chrome must be installed - prereq_command: 'if (cmd /c "chrome 2>nul") {exit 0} else {exit 1}' - get_prereq_command: | # commands to meet this prerequisite or a message describing how to meet this prereq + Chrome must be installed + prereq_command: 'if ((Test-Path "C:\Program Files\Google\Chrome\Application\chrome.exe") -Or (Test-Path "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")) {exit 0} else {exit 1}' + get_prereq_command: | Invoke-WebRequest -OutFile $env:temp\ChromeStandaloneSetup64.exe #{chrome_url} - Start-Process $env:temp\ChromeStandaloneSetup64.exe /S - + Start-Process $env:temp\ChromeStandaloneSetup64.exe /S executor: name: powershell elevation_required: true - command: | # these are the actaul attack commands, at least one command must be provided + command: | $extList = #{extension_id} foreach ($extension in $extList) { New-Item -Path HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension -Force New-ItemProperty -Path "HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension" -Name "update_url" -Value "https://clients2.google.com/service/update2/crx" -PropertyType "String" -Force} - Start-Process -FilePath "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" + Start chrome Start-Sleep -Seconds 30 Stop-Process -Name "chrome" - cleanup_command: | # you can remove the cleanup_command section if there are no cleanup commands + cleanup_command: | $extList = #{extension_id} foreach ($extension in $extList) { - Remove-Item -Path "HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension" -ErrorAction Ignore} \ No newline at end of file + 
Remove-Item -Path "HKLM:\Software\Wow6432Node\Google\Chrome\Extensions\$extension" -ErrorAction Ignore}
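Review bot: The new `get_prereq_command` still downloads `#{chrome_url}` and runs the result elevated with no integrity check, so a tampered or redirected URL hands this step an arbitrary installer; add `if ((Get-AuthenticodeSignature "$env:temp\ChromeStandaloneSetup64.exe").Status -ne 'Valid') { Write-Error 'Chrome installer signature invalid'; exit 1 }` between the `Invoke-WebRequest` and `Start-Process` lines (a publisher check on `SignerCertificate.Subject` would tighten it further). `Start-Process` also returns before the installer finishes, so the subsequent `prereq_command` path test can race the install; `Start-Process $env:temp\ChromeStandaloneSetup64.exe -ArgumentList '/S' -Wait` avoids that. The `prereq_command` now accepts Chrome under either `Program Files` or `Program Files (x86)`, while the attack and cleanup commands only touch `HKLM:\Software\Wow6432Node\Google\Chrome\Extensions`; if 64-bit Chrome does not also read that view (not confirmed here), the force-install would silently not apply on an x64 install, so a comment stating which registry view the test targets would help the next reader. The `chrome_url` default this download trusts is defined above this hunk and is not visible here.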