Carrie Roberts
d4709021fb
* updating atomics count in README.md [ci skip] * wip * handle spaces in path * update readme * fix typo --------- Co-authored-by: publish bot <opensource@redcanary.com>
81 lines
3.0 KiB
YAML
81 lines
3.0 KiB
YAML
attack_technique: T1127
|
|
display_name: 'Trusted Developer Utilities Proxy Execution'
|
|
atomic_tests:
|
|
- name: Lolbin Jsc.exe compile javascript to exe
|
|
auto_generated_guid: 1ec1c269-d6bd-49e7-b71b-a461f7fa7bc8
|
|
description: |
|
|
Use jsc.exe to compile javascript code stored in scriptfile.js and output scriptfile.exe.
|
|
https://lolbas-project.github.io/lolbas/Binaries/Jsc/
|
|
https://www.phpied.com/make-your-javascript-a-windows-exe/
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: Location of the project file
|
|
type: path
|
|
default: PathToAtomicsFolder\T1127\src\hello.js
|
|
jscpath:
|
|
description: Default location of jsc.exe
|
|
type: path
|
|
default: C:\Windows\Microsoft.NET\Framework\v4.0.30319
|
|
jscname:
|
|
description: Default name of jsc
|
|
type: path
|
|
default: jsc.exe
|
|
dependency_executor_name: powershell
|
|
dependencies:
|
|
- description: |
|
|
JavaScript code file must exist on disk at specified location (#{filename})
|
|
prereq_command: |
|
|
if (Test-Path "#{filename}") {exit 0} else {exit 1}
|
|
get_prereq_command: |
|
|
New-Item -Type Directory (split-path "#{filename}") -ErrorAction ignore | Out-Null
|
|
Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127/src/hello.js" -OutFile "#{filename}"
|
|
executor:
|
|
command: |
|
|
copy "#{filename}" %TEMP%\hello.js
|
|
#{jscpath}\#{jscname} %TEMP%\hello.js
|
|
cleanup_command: |
|
|
del %TEMP%\hello.js
|
|
del %TEMP%\hello.exe
|
|
name: command_prompt
|
|
|
|
- name: Lolbin Jsc.exe compile javascript to dll
|
|
auto_generated_guid: 3fc9fea2-871d-414d-8ef6-02e85e322b80
|
|
description: |
|
|
Use jsc.exe to compile javascript code stored in Library.js and output Library.dll.
|
|
https://lolbas-project.github.io/lolbas/Binaries/Jsc/
|
|
https://www.phpied.com/make-your-javascript-a-windows-exe/
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: Location of the project file
|
|
type: path
|
|
default: PathToAtomicsFolder\T1127\src\LibHello.js
|
|
jscpath:
|
|
description: Default location of jsc.exe
|
|
type: path
|
|
default: C:\Windows\Microsoft.NET\Framework\v4.0.30319
|
|
jscname:
|
|
description: Default name of jsc
|
|
type: path
|
|
default: jsc.exe
|
|
dependency_executor_name: powershell
|
|
dependencies:
|
|
- description: |
|
|
JavaScript code file must exist on disk at specified location (#{filename})
|
|
prereq_command: |
|
|
if (Test-Path "#{filename}") {exit 0} else {exit 1}
|
|
get_prereq_command: |
|
|
New-Item -Type Directory (split-path "#{filename}") -ErrorAction ignore | Out-Null
|
|
Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127/src/LibHello.js" -OutFile "#{filename}"
|
|
executor:
|
|
command: |
|
|
copy "#{filename}" %TEMP%\LibHello.js
|
|
#{jscpath}\#{jscname} /t:library %TEMP%\LibHello.js
|
|
cleanup_command: |
|
|
del %TEMP%\LibHello.js
|
|
del %TEMP%\LibHello.dll
|
|
name: command_prompt
|