Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
31 lines
929 B
YAML
31 lines
929 B
YAML
---
|
|
attack_technique: T1035
|
|
display_name: Service Execution
|
|
|
|
atomic_tests:
|
|
- name: Execute a Command as a Service
|
|
description: |
|
|
Creates a service specifying an aribrary command and executes it. When executing commands such as PowerShell, the service will report that it did not start correctly even when code executes properly.
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
input_arguments:
|
|
service_name:
|
|
description: Name of service to create
|
|
type: string
|
|
default: ARTService
|
|
|
|
executable_command:
|
|
description: Command to execute as a service
|
|
type: string
|
|
default: "%COMSPEC% /c powershell.exe -nop -w hidden -command New-Item -ItemType File C:\\art-marker.txt"
|
|
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: true
|
|
command: |
|
|
sc.exe create #{service_name} binPath= #{executable_command}
|
|
sc.exe start #{service_name}
|
|
sc.exe delete #{service_name}
|