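---
# Atomic Red Team test definitions for ATT&CK technique T1127.001 (MSBuild used
# as a trusted developer utility to proxy code execution).
# Each entry under atomic_tests is one self-contained test with its own inputs,
# prerequisites and executor.
attack_technique: T1127.001
display_name: 'Trusted Developer Utilities Proxy Execution: MSBuild'
atomic_tests: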
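# Test: run msbuild.exe against a project file that carries C# code.
# Per the description below, the default project only prints two greeting
# strings, so the test exercises the execution path rather than a payload.
# Detection: the executor starts msbuild.exe from command_prompt with the
# project file as its only argument, so process-creation telemetry for
# msbuild.exe outside a build context is the signal to validate.
- name: MSBuild Bypass Using Inline Tasks (C#)
  auto_generated_guid: 58742c0f-cb01-44cd-a60b-fb26e8871c93
  description: |
    Executes the code in a project file using msbuild.exe. The default C# project example file (T1127.001.csproj) will simply print "Hello From a Code Fragment" and "Hello From a Class." to the screen.
  supported_platforms:
  - windows
  input_arguments:
    # Project file handed to msbuild.exe; whatever it contains is what runs.
    filename:
      description: Location of the project file
      type: path
      default: PathToAtomicsFolder\T1127.001\src\T1127.001.csproj
    # Directory and file name are joined with a backslash in the executor.
    msbuildpath:
      description: Default location of MSBuild
      type: path
      default: C:\Windows\Microsoft.NET\Framework\v4.0.30319
    msbuildname:
      description: Default name of MSBuild
      type: path
      default: msbuild.exe
  dependency_executor_name: powershell
  dependencies:
  - description: |
      Project file must exist on disk at specified location (#{filename})
    # Exit code 0 means the prerequisite is already met.
    prereq_command: |
      if (Test-Path "#{filename}") {exit 0} else {exit 1}
    # NOTE(review): the project file is fetched from the mutable `master` ref
    # and is not checked against a known hash before msbuild.exe runs it.
    # Where that matters, stage the file from a reviewed checkout of the
    # atomics folder instead of running this command.
    get_prereq_command: |
      New-Item -Type Directory (split-path "#{filename}") -ErrorAction ignore | Out-Null
      Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/T1127.001.csproj" -OutFile "#{filename}"
  executor:
    # NOTE(review): "#{filename}" is quoted but #{msbuildpath}\#{msbuildname}
    # is not, so an msbuildpath that contains spaces would be split by cmd.
    command: |
      #{msbuildpath}\#{msbuildname} "#{filename}"
    name: command_prompt
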
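# Test: run msbuild.exe against a project file that carries Visual Basic code.
# Per the description below, the default file (vb.xml) only prints one greeting
# string, so the test exercises the execution path rather than a payload.
# Detection: the executor starts msbuild.exe from command_prompt with the
# project file as its only argument; here the default file ends in .xml, so
# rules keyed on project-file extensions alone would not match it.
- name: MSBuild Bypass Using Inline Tasks (VB)
  auto_generated_guid: ab042179-c0c5-402f-9bc8-42741f5ce359
  description: |
    Executes the code in a project file using msbuild.exe. The default Visual Basic example file (vb.xml) will simply print "Hello from a Visual Basic inline task!" to the screen.
  supported_platforms:
  - windows
  input_arguments:
    # Project file handed to msbuild.exe; whatever it contains is what runs.
    filename:
      description: Location of the project file
      type: path
      default: PathToAtomicsFolder\T1127.001\src\vb.xml
    # Directory and file name are joined with a backslash in the executor.
    msbuildpath:
      description: Default location of MSBuild
      type: path
      default: C:\Windows\Microsoft.NET\Framework\v4.0.30319
    msbuildname:
      description: Default name of MSBuild
      type: path
      default: msbuild.exe
  dependency_executor_name: powershell
  dependencies:
  - description: |
      Project file must exist on disk at specified location (#{filename})
    # Exit code 0 means the prerequisite is already met.
    prereq_command: |
      if (Test-Path "#{filename}") {exit 0} else {exit 1}
    # NOTE(review): the project file is fetched from the mutable `master` ref
    # and is not checked against a known hash before msbuild.exe runs it.
    # Where that matters, stage the file from a reviewed checkout of the
    # atomics folder instead of running this command.
    get_prereq_command: |
      New-Item -Type Directory (split-path "#{filename}") -ErrorAction ignore | Out-Null
      Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127.001/src/vb.xml" -OutFile "#{filename}"
  executor:
    # NOTE(review): "#{filename}" is quoted but #{msbuildpath}\#{msbuildname}
    # is not, so an msbuildpath that contains spaces would be split by cmd.
    command: |
      #{msbuildpath}\#{msbuildname} "#{filename}"
    name: command_prompt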