Austin Robertson
5cb3fed680
* Fix string interpolation from ${foo} to #{foo} across all atomics
* remove non-ASCII characters from atomics YAML
* fix erroneous input_arguments
27 lines
673 B
YAML
27 lines
673 B
YAML
---
|
|
attack_technique: T1173
|
|
display_name: Dynamic Data Exchange
|
|
|
|
atomic_tests:
|
|
- name: Execute Commands
|
|
description: |
|
|
Executes commands via DDE using Microsfot Word
|
|
|
|
supported_platforms:
|
|
- windows
|
|
|
|
executor:
|
|
name: manual
|
|
steps: |
|
|
Open Microsoft Word
|
|
|
|
Insert tab -> Quick Parts -> Field
|
|
|
|
Choose = (Formula) and click ok.
|
|
|
|
After that, you should see a Field inserted in the document with an error "!Unexpected End of Formula", right-click the Field, and choose Toggle Field Codes.
|
|
|
|
The Field Code should now be displayed, change it to Contain the following:
|
|
|
|
{DDEAUTO c:\\windows\\system32\\cmd.exe "/k calc.exe" }
|