Carrie Roberts
1bfefdacfc
* provide elevation_required attribute * provide elevation_required attribute * provide elevation_required attribute
38 lines
1.3 KiB
YAML
38 lines
1.3 KiB
YAML
---
|
|
attack_technique: T1118
|
|
display_name: InstallUtil
|
|
|
|
atomic_tests:
|
|
- name: InstallUtil uninstall method call
|
|
description: |
|
|
Executes the Uninstall Method
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: location of the payload
|
|
type: Path
|
|
default: C:\AtomicRedTeam\atomics\T1118\src\T1118.dll
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:C:\AtomicRedTeam\atomics\T1118\src\T1118.dll C:\AtomicRedTeam\atomics\T1118\src\T1118.cs
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U #{filename}
|
|
- name: InstallUtil GetHelp method call
|
|
description: |
|
|
Executes the Uninstall Method
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: location of the payload
|
|
type: Path
|
|
default: C:\AtomicRedTeam\atomics\T1118\src\T1118.dll
|
|
executor:
|
|
name: command_prompt
|
|
elevation_required: false
|
|
command: |
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library /out:C:\AtomicRedTeam\atomics\T1118\src\T1118.dll C:\AtomicRedTeam\atomics\T1118\src\T1118.cs
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /? #{filename}
|