security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1663bf7d524b6fc8a9a39104feb2949b36368dfc
atomic-red-team/atomics/T1047/T1047.yaml
T
Carrie Roberts 1bfefdacfc Add elevated (#542) 
* provide elevation_required attribute

* provide elevation_required attribute

* provide elevation_required attribute
2019-09-03 07:34:42 -06:00

57 lines
1.3 KiB
YAML
Raw Blame History

---
attack_technique: T1047
display_name: Windows Management Instrumentation
atomic_tests:
- name: WMI Reconnaissance Users
description: |
WMI List User Accounts
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: false
command: |
wmic useraccount get /ALL
- name: WMI Reconnaissance Processes
description: |
WMI List Processes
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: false
command: |
wmic process get caption,executablepath,commandline
- name: WMI Reconnaissance Software
description: |
WMI List Software
supported_platforms:
- windows
executor:
name: command_prompt
elevation_required: false
command: |
wmic qfe get description,installedOn /format:csv
- name: WMI Reconnaissance List Remote Services
description: |
WMI List Remote Services
supported_platforms:
- windows
input_arguments:
node:
description: Ip Address
type: String
default: 192.168.0.1
service_search_string:
description: Name Of Service
type: String
default: sql server
executor:
name: command_prompt
elevation_required: false
command: |
wmic /node:"#{node}" service where (caption like "%#{service_search_string} (%")
Reference in New Issue View Git Blame Copy Permalink