T1136.002 - 2 tests added (#1252)

2020-10-15 18:51:21 +02:00
parent c51438c486
commit f9637403eb
1 changed files with 50 additions and 0 deletions
@@ -0,0 +1,50 @@
+attack_technique: T1136.002
+display_name: 'Create Account: Domain Account'
+atomic_tests:
+- name: Create a new Windows domain admin user
+  description: |
+    Creates a new domain admin user in a command prompt.
+  supported_platforms:
+  - windows
+  input_arguments:
+    username:
+      description: Username of the user to create
+      type: String
+      default: T1136.002_Admin
+    password:
+      description: Password of the user to create
+      type: String
+      default: T1136_pass123!
+    group:
+      description: Domain administrator group to which add the user to
+      type: String
+      default: Domain Admins
+  executor:
+    command: |
+      net user "#{username}" "#{password}" /add /domain
+      net group "#{group}" "#{username}" /add /domain
+    cleanup_command: |
+      net user "#{username}" >nul 2>&1 /del /domain
+    name: command_prompt
+    elevation_required: false  # Requires a user to be a Domain Admin!
+- name: Create a new account similar to ANONYMOUS LOGON
+  description: |
+    Create a new account similar to ANONYMOUS LOGON in a command prompt.
+  supported_platforms:
+  - windows
+  input_arguments:
+    username:
+      description: Username of the user to create
+      type: String
+      default: ANONYMOUS  LOGON
+    password:
+      description: Password of the user to create
+      type: String
+      default: T1136_pass123!
+  executor:
+    command: |
+      net user "#{username}" "#{password}" /add /domain
+    cleanup_command: |
+      net user "#{username}" >nul 2>&1 /del /domain
+    name: command_prompt
+    elevation_required: false  # Requires a user to be a Domain Admin!