security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
python_conversion
atomic-red-team/atomics/T1059.007/T1059.007.yaml
T
Carrie Roberts e8d26acbc7 use cmd.exe syntax for temp dir (#2558) 
Co-authored-by: Michael Haag <5632822+MHaggis@users.noreply.github.com>
2023-10-10 10:04:16 -06:00

49 lines
2.2 KiB
YAML
Raw Permalink Blame History

attack_technique: T1059.007
display_name: "Command and Scripting Interpreter: JavaScript"
atomic_tests:
- name: JScript execution to gather local computer information via cscript
auto_generated_guid: 01d75adf-ca1b-4dd1-ac96-7c9550ad1035
description: JScript execution test, execute JScript via cscript command. When successful, system information will be written to $env:TEMP\T1059.007.out.txt
supported_platforms:
- windows
input_arguments:
jscript:
description: Path to sample script
type: string
default: PathToAtomicsFolder\T1059.007\src\sys_info.js
dependency_executor_name: powershell
dependencies:
- description: Sample script must exist on disk at specified location (#{jscript})
prereq_command: |
if (Test-Path "#{jscript}") {exit 0} else {exit 1}
get_prereq_command: |-
New-Item -ItemType Directory (Split-Path "#{jscript}") -Force | Out-Null
Invoke-WebRequest "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.007/src/sys_info.js" -OutFile "#{jscript}"
executor:
command: |
cscript "#{jscript}" > %tmp%\T1059.007.out.txt
cleanup_command: del %tmp%\T1059.007.out.txt >nul 2>&1
name: command_prompt
- name: JScript execution to gather local computer information via wscript
auto_generated_guid: 0709945e-4fec-4c49-9faf-c3c292a74484
description: JScript execution test, execute JScript via wscript command. When successful, system information will be shown with four message boxes.
supported_platforms:
- windows
input_arguments:
jscript:
description: Path to sample script
type: string
default: PathToAtomicsFolder\T1059.007\src\sys_info.js
dependency_executor_name: powershell
dependencies:
- description: Sample script must exist on disk at specified location (#{jscript})
prereq_command: |
if (Test-Path "#{jscript}") {exit 0} else {exit 1}
get_prereq_command: |-
New-Item -ItemType Directory (Split-Path "#{jscript}") -Force | Out-Null
Invoke-WebRequest "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1059.007/src/sys_info.js" -OutFile "#{jscript}"
executor:
command: |
wscript "#{jscript}"
name: command_prompt
Reference in New Issue View Git Blame Copy Permalink