From e75f2159c5488987ff6a67b2fba5ad0029034e3a Mon Sep 17 00:00:00 2001 From: Atomic Red Team doc generator Date: Fri, 24 Feb 2023 20:41:02 +0000 Subject: [PATCH] Generated docs from job=generate-docs branch=master [ci skip] --- atomics/Indexes/index.yaml | 20 ++++++++++++++++++-- atomics/Indexes/windows-index.yaml | 20 ++++++++++++++++++-- atomics/T1543.003/T1543.003.md | 4 +++- 3 files changed, 39 insertions(+), 5 deletions(-) diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 112b7020..c362ac66 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -30559,6 +30559,14 @@ privilege-escalation: description: Name of the service binary, include path. type: path default: PathToAtomicsFolder\T1543.003\bin\AtomicService.exe + service_type: + description: Type of service. May be own|share|interact|kernel|filesys|rec|userown|usershare + type: String + default: Own + startup_type: + description: Service start method. May be boot|system|auto|demand|disabled|delayed-auto + type: String + default: auto service_name: description: Name of the Service type: string @@ -30578,7 +30586,7 @@ privilege-escalation: name: command_prompt elevation_required: true command: | - sc.exe create #{service_name} binPath= #{binary_path} + sc.exe create #{service_name} binPath= #{binary_path} start=#{startup_type} type=#{service_type} sc.exe start #{service_name} cleanup_command: | sc.exe stop #{service_name} >nul 2>&1 @@ -52062,6 +52070,14 @@ persistence: description: Name of the service binary, include path. type: path default: PathToAtomicsFolder\T1543.003\bin\AtomicService.exe + service_type: + description: Type of service. May be own|share|interact|kernel|filesys|rec|userown|usershare + type: String + default: Own + startup_type: + description: Service start method. May be boot|system|auto|demand|disabled|delayed-auto + type: String + default: auto service_name: description: Name of the Service type: string @@ -52081,7 +52097,7 @@ persistence: name: command_prompt elevation_required: true command: | - sc.exe create #{service_name} binPath= #{binary_path} + sc.exe create #{service_name} binPath= #{binary_path} start=#{startup_type} type=#{service_type} sc.exe start #{service_name} cleanup_command: | sc.exe stop #{service_name} >nul 2>&1 diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml index dd592257..5ff4d30c 100644 --- a/atomics/Indexes/windows-index.yaml +++ b/atomics/Indexes/windows-index.yaml @@ -27111,6 +27111,14 @@ privilege-escalation: description: Name of the service binary, include path. type: path default: PathToAtomicsFolder\T1543.003\bin\AtomicService.exe + service_type: + description: Type of service. May be own|share|interact|kernel|filesys|rec|userown|usershare + type: String + default: Own + startup_type: + description: Service start method. May be boot|system|auto|demand|disabled|delayed-auto + type: String + default: auto service_name: description: Name of the Service type: string @@ -27130,7 +27138,7 @@ privilege-escalation: name: command_prompt elevation_required: true command: | - sc.exe create #{service_name} binPath= #{binary_path} + sc.exe create #{service_name} binPath= #{binary_path} start=#{startup_type} type=#{service_type} sc.exe start #{service_name} cleanup_command: | sc.exe stop #{service_name} >nul 2>&1 @@ -46070,6 +46078,14 @@ persistence: description: Name of the service binary, include path. type: path default: PathToAtomicsFolder\T1543.003\bin\AtomicService.exe + service_type: + description: Type of service. May be own|share|interact|kernel|filesys|rec|userown|usershare + type: String + default: Own + startup_type: + description: Service start method. May be boot|system|auto|demand|disabled|delayed-auto + type: String + default: auto service_name: description: Name of the Service type: string @@ -46089,7 +46105,7 @@ persistence: name: command_prompt elevation_required: true command: | - sc.exe create #{service_name} binPath= #{binary_path} + sc.exe create #{service_name} binPath= #{binary_path} start=#{startup_type} type=#{service_type} sc.exe start #{service_name} cleanup_command: | sc.exe stop #{service_name} >nul 2>&1 diff --git a/atomics/T1543.003/T1543.003.md b/atomics/T1543.003/T1543.003.md index 3344fb94..dc104ba9 100644 --- a/atomics/T1543.003/T1543.003.md +++ b/atomics/T1543.003/T1543.003.md @@ -73,6 +73,8 @@ Upon successful execution, powershell will download `AtomicService.exe` from git | Name | Description | Type | Default Value | |------|-------------|------|---------------| | binary_path | Name of the service binary, include path. | path | PathToAtomicsFolder\T1543.003\bin\AtomicService.exe| +| service_type | Type of service. May be own|share|interact|kernel|filesys|rec|userown|usershare | String | Own| +| startup_type | Service start method. May be boot|system|auto|demand|disabled|delayed-auto | String | auto| | service_name | Name of the Service | string | AtomicTestService_CMD| @@ -80,7 +82,7 @@ Upon successful execution, powershell will download `AtomicService.exe` from git ```cmd -sc.exe create #{service_name} binPath= #{binary_path} +sc.exe create #{service_name} binPath= #{binary_path} start=#{startup_type} type=#{service_type} sc.exe start #{service_name} ```