security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

New T1562.004 Test "Open local port through Windows Firewall for any profile" (#1200)

Browse Source 
* Update T1562.004.yaml

added new atomic test to open a port through Windows Firewall to any profile

* Update T1562.004.yaml

added some fixes to command and cleanup

Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
Tsora-Pop
2020-08-17 11:14:16 -05:00
committed by GitHub
parent 1427393485
commit f294dedadc
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1562.004/T1562.004.yaml
+14
View File
@@ -61,3 +61,17 @@ atomic_tests:
cleanup_command: netsh advfirewall firewall delete rule name="atomic testing" protocol=TCP localport=450 >nul 2>&1
name: command_prompt
elevation_required: true
- name: Open a local port through Windows Firewall to any profile
description: This test will attempt to open a local port defined by input arguments to any profile
supported_platforms:
- windows
input_arguments:
local_port:
description: This is the local port you wish to test opening
type: integer
default: 3389
executor:
command: netsh advfirewall firewall add rule name="Open Port to Any" dir=in protocol=tcp localport=#{local_port} action=allow profile=any
cleanup_command: netsh advfirewall firewall delete rule name="Open Port to Any"
name: powershell
elevation_required: true