From e149cf9df2d33a0bf00e085ea97f9c3ccbb6978e Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Wed, 26 Oct 2022 15:13:43 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 12 ++++++------ atomics/T1546.007/T1546.007.md | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index c611d643..eb8680c5 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -41303,9 +41303,9 @@ privilege-escalation: New-Item -Type Directory (split-path #{helper_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.007/bin/NetshHelper.dll" -OutFile "#{helper_file}" executor: - command: 'netsh.exe add helper #{helper_file} - - ' + command: | + netsh.exe add helper #{helper_file} + taskkill /im notepad.exe /t /f > NUL 2>&1 cleanup_command: 'netsh.exe delete helper #{helper_file} ' @@ -64377,9 +64377,9 @@ persistence: New-Item -Type Directory (split-path #{helper_file}) -ErrorAction ignore | Out-Null Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1546.007/bin/NetshHelper.dll" -OutFile "#{helper_file}" executor: - command: 'netsh.exe add helper #{helper_file} - - ' + command: | + netsh.exe add helper #{helper_file} + taskkill /im notepad.exe /t /f > NUL 2>&1 cleanup_command: 'netsh.exe delete helper #{helper_file} ' diff --git a/atomics/T1546.007/T1546.007.md b/atomics/T1546.007/T1546.007.md index 71eedac0..d0166eb7 100644 --- a/atomics/T1546.007/T1546.007.md +++ b/atomics/T1546.007/T1546.007.md @@ -38,6 +38,7 @@ The NetshHelper.dll provided with the atomic will simply launch notepad when net ```cmd netsh.exe add helper #{helper_file} +taskkill /im notepad.exe /t /f > NUL 2>&1 ``` #### Cleanup Commands: