Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
54 lines
1.5 KiB
YAML
54 lines
1.5 KiB
YAML
---
|
|
attack_technique: T1050
|
|
display_name: Service Installation
|
|
|
|
atomic_tests:
|
|
- name: Service Installation
|
|
description: |
|
|
Installs A Local Service
|
|
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
binary_path:
|
|
description: Name of the service binary, include path.
|
|
type: Path
|
|
default: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe
|
|
service_name:
|
|
description: Name of the Service
|
|
type: String
|
|
default: AtomicTestService
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: true
|
|
command: |
|
|
sc.exe create #{service_name} binPath= #{binary_path}
|
|
sc.exe start #{service_name}
|
|
sc.exe stop #{service_name}
|
|
sc.exe delete #{service_name}
|
|
|
|
- name: Service Installation PowerShell
|
|
Installs A Local Service using PowerShell
|
|
description: |
|
|
Installs A Local Service via PowerShell
|
|
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
binary_path:
|
|
description: Name of the service binary, include path.
|
|
type: Path
|
|
default: C:\AtomicRedTeam\atomics\T1050\bin\AtomicService.exe
|
|
service_name:
|
|
description: Name of the Service
|
|
type: String
|
|
default: AtomicTestService
|
|
executor:
|
|
name: powershell
|
|
elevation_required: true
|
|
command: |
|
|
New-Service -Name "#{service_name}" -BinaryPathName "#{binary_path}"
|
|
Start-Service -Name "#{service_name}"
|
|
Stop-Service -Name "#{service_name}"
|
|
(Get-WmiObject Win32_Service -filter "name='#{service_name}'").Delete()
|