diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 7bcb9e4c..70a40303 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -84006,10 +84006,22 @@ discovery: Upon successful execution, cmd.exe will perform a for loop against the 192.168.1.1/24 network. Output will be via stdout. supported_platforms: - windows + input_arguments: + start_host: + description: Last octet starting value for ping sweep. + type: String + default: '1' + stop_host: + description: Last octet ending value for ping sweep. + type: String + default: '254' + subnet: + description: Subnet used for ping sweep. + type: String + default: 192.168.1 executor: - command: 'for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i - - ' + command: "for /l %i in (#{start_host},1,#{stop_host}) do ping -n 1 -w 100 + #{subnet}.%i \n" name: command_prompt - name: Remote System Discovery - arp auto_generated_guid: 2d5a61f5-0447-4be4-944a-1f8530ed6574 @@ -84350,7 +84362,9 @@ discovery: executor: name: powershell elevation_required: false - command: get-wmiobject -class ds_computer -namespace root\directory\ldap + command: 'get-wmiobject -class ds_computer -namespace root\directory\ldap + + ' T1046: technique: x_mitre_platforms: diff --git a/atomics/T1018/T1018.md b/atomics/T1018/T1018.md index 7fd8660a..29106dd7 100644 --- a/atomics/T1018/T1018.md +++ b/atomics/T1018/T1018.md @@ -160,12 +160,19 @@ Upon successful execution, cmd.exe will perform a for loop against the 192.168.1 +#### Inputs: +| Name | Description | Type | Default Value | +|------|-------------|------|---------------| +| start_host | Last octet starting value for ping sweep. | String | 1| +| stop_host | Last octet ending value for ping sweep. | String | 254| +| subnet | Subnet used for ping sweep. | String | 192.168.1| + #### Attack Commands: Run with `command_prompt`! ```cmd -for /l %i in (1,1,254) do ping -n 1 -w 100 192.168.1.%i +for /l %i in (#{start_host},1,#{stop_host}) do ping -n 1 -w 100 #{subnet}.%i ```