CircleCI Atomic Red Team GUID generator
19 lines
769 B
YAML
19 lines
769 B
YAML
attack_technique: T1003.005
|
|
display_name: 'OS Credential Dumping: Cached Domain Credentials'
|
|
atomic_tests:
|
|
- name: Cached Credential Dump via Cmdkey
|
|
auto_generated_guid: 56506854-89d6-46a3-9804-b7fde90791f9
|
|
description: |
|
|
List credentials currently stored on the host via the built-in Windows utility cmdkey.exe
|
|
Credentials listed with Cmdkey only pertain to the current user
|
|
Passwords will not be displayed once they are stored
|
|
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmdkey
|
|
https://www.peew.pw/blog/2017/11/26/exploring-cmdkey-an-edge-case-for-privilege-escalation
|
|
supported_platforms:
|
|
- windows
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
cmdkey /list
|