From f294dedadc1fc9be444bca0bfcd332e87f09ad1b Mon Sep 17 00:00:00 2001
From: Tsora-Pop <35981510+Tsora-Pop@users.noreply.github.com>
Date: Mon, 17 Aug 2020 11:14:16 -0500
Subject: [PATCH] New T1562.004 Test "Open local port through Windows Firewall for any profile" (#1200)
* Update T1562.004.yaml added new atomic test to open a port through Windows Firewall to any profile
* Update T1562.004.yaml added some fixes to command and cleanup
Co-authored-by: Carrie Roberts
---
 atomics/T1562.004/T1562.004.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/atomics/T1562.004/T1562.004.yaml b/atomics/T1562.004/T1562.004.yaml
index cb52d1d4..c234e0e2 100644
--- a/atomics/T1562.004/T1562.004.yaml
+++ b/atomics/T1562.004/T1562.004.yaml
@@ -61,3 +61,17 @@ atomic_tests:
 cleanup_command: netsh advfirewall firewall delete rule name="atomic testing" protocol=TCP localport=450 >nul 2>&1
 name: command_prompt
 elevation_required: true
+- name: Open a local port through Windows Firewall to any profile
+ description: This test will attempt to open a local port defined by input arguments to any profile
+ supported_platforms:
+ - windows
+ input_arguments:
+ local_port:
+ description: This is the local port you wish to test opening
+ type: integer
+ default: 3389
+ executor:
+ command: netsh advfirewall firewall add rule name="Open Port to Any" dir=in protocol=tcp localport=#{local_port} action=allow profile=any
+ cleanup_command: netsh advfirewall firewall delete rule name="Open Port to Any"
+ name: powershell
+ elevation_required: true
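Review bot: The new test's `cleanup_command` deletes by rule name alone, so on a host that already has a firewall rule named "Open Port to Any" the cleanup would remove that rule too. The preceding test, whose tail is visible in the hunk's context, scopes its delete with `protocol=TCP localport=450`. Scoping this one the same way, `cleanup_command: netsh advfirewall firewall delete rule name="Open Port to Any" protocol=tcp localport=#{local_port}`, limits cleanup to what the test created. Because the default port is 3389 and the rule uses `profile=any`, a skipped cleanup leaves an inbound allow rule for that port active on the public profile as well. The `description` should therefore state that the rule covers the domain, private and public profiles and stays in place until the cleanup command is run.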