-
Notifications
You must be signed in to change notification settings - Fork 6
/
script-win.ps1
147 lines (123 loc) · 6.76 KB
/
script-win.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# PI.ps1
# Windows ART
# Credits to https://github.com/redcanaryco/atomic-red-team
# Created by @anantkaul
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser -Force
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
$arguments = "& '" +$myinvocation.mycommand.definition + "'"
Start-Process powershell -Verb runAs -ArgumentList $arguments
Break
}
$setup = Read-Host -Prompt "`n >> Do you want to install Atomic-Red-Team [Y/y] or have it installed already [N/n] ?"
function green {
process { Write-Host $_ -ForegroundColor Green }
}
function yellow {
process { Write-Host $_ -ForegroundColor Yellow }
}
if ($setup -eq "y" -or $setup -eq "Y" -or $setup -eq "yes" -or $setup -eq "YES") {
# Installing Invoke-Atomic Framework
Write-Output "`n >> Installing Invoke-Atomic Framework ..." | yellow
Install-PackageProvider -Name NuGet -Scope CurrentUser -Force
Install-Module -Name invoke-atomicredteam,powershell-yaml -Scope CurrentUser -Force
Write-Output "`n >> Successfully Installed Invoke-Atomic Framework ..." | green
# Getting the atomics
Write-Output "`n >> Getting the atomics ...`n" | yellow
Invoke-Expression (Invoke-WebRequest 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); Install-AtomicRedTeam -getAtomics -Force
Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
Write-Output " >> Successfully Installed `"Atomic-Red-Team`" in `"C:\AtomicRedTeam\`" ..." | green
Read-Host -Prompt "`n >> Press enter to continue"
}
# Checking Invoke-Atomic Framework
if (-not (Test-Path -Path C:\AtomicRedTeam\invoke-atomicredteam)) {
Write-Output "`n >> Installing Invoke-Atomic Framework ...`n"
Install-Module -Name invoke-atomicredteam,powershell-yaml -Scope CurrentUser -Force
Write-Output "`n >> Installed Invoke-Atomic Framework successfully ..." | green
}
# Checking the atomics
if (-not (Test-Path -Path C:\AtomicRedTeam\atomics)) {
Write-Output "`n >> Getting the atomics ...`n"
Invoke-Expression (Invoke-WebRequest 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); Install-AtomicRedTeam -getAtomics -Force
# Importing the module
Import-Module "C:\AtomicRedTeam\invoke-atomicredteam\Invoke-AtomicRedTeam.psd1" -Force
Write-Output " >> Successfully Installed `"Atomic-Red-Team`" in `"C:\AtomicRedTeam\`" ..." | green
Read-Host -Prompt "`n >> Press enter to continue"
}
function Cleanup_atomic($atid) {
$date_time = Get-Date -Format "MM:dd:yyyy_HH:mm"
$date_time = $date_time.Replace(':', "-")
$cleanup_dir = "$pwd\Cleanup_Logs"
if (Test-Path $cleanup_dir) {
} else {
mkdir $cleanup_dir > 1.md; rm 1.md
}
$cl = "$cleanup_dir\$date_time.txt"
for ($element = 0; $element -lt $atid.Count; $element++) {
$a = $atid[$element]
$ac = $element + 1
"`n[********BEGIN TEST-$ac CLEANUP *******]" >> $cl
powershell.exe "Invoke-AtomicTest $a -Cleanup" >> $cl
cd Cleanup_Logs
if ("PermissionDenied:" -match "cat $date_time.txt | sls `"PermissionDenied:`"") {
# if ('PermissionDenied:' -match "sls -pattern `"PermissionDenied:`" -path `"$cleanup_dir\$date_time.txt`"") {
Start-Process -Wait -Verb runAs powershell.exe "Invoke-AtomicTest $a -Cleanup" >> $cl
} else {
Start-Process -Wait powershell.exe "Invoke-AtomicTest $a -Cleanup" >> $cl
}
"[!!!!!!!! END TEST-$ac CLEANUP !!!!!!!]" >> $cl
}
cd ..
Write-Output " >> Cleanup Logs stored in `"$cl`" ...`n" | yellow
exit
}
$all_tids = @()
$c = 0
do {
$date_time = Get-Date -Format "MM:dd:yyyy_HH:mm"
$date_time = $date_time.Replace(':', "-")
cls
$tid = Read-Host -Prompt "`n >> Enter the Technique ID ( with prefix `'T`' ) or type ALL for AtomicTest"
# $date_time = Get-Date -Format "dd/MM/yyyy_HH:mm:ss"
$present_dir = "$pwd\ART_Results\$date_time\$tid"
if (Test-Path $present_dir) {
# Write-Output " >> Previous AtomicTest Overwriting and Updating with the Latest AtomicTest ..."
} else {
mkdir $present_dir > 1.md; rm 1.md
}
$check_pre = powershell.exe "Invoke-AtomicTest $tid -CheckPrereqs" | sls "-GetPrereqs"
$get_pre = "Invoke-AtomicTest $tid -GetPrereqs -Force"
$brief_details = "Invoke-AtomicTest $tid -ShowDetailsBrief"
$full_details = "Invoke-AtomicTest $tid -ShowDetails"
try {
powershell.exe $brief_details | Out-File $present_dir\Brief_Details.txt
powershell.exe $full_details | Out-File $present_dir\Full_Details.md
Remove-Item $env:TEMP\svchost-exe.dmp -ErrorAction Ignore
if ($check_pre -match "-GetPrereqs") {
# Try installing the dependencies first ...
powershell.exe $get_pre | Out-File $present_dir\get_preq.md
if (powershell.exe "cat $present_dir\get_preq.md | sls `"Elevation required`"" -match "Elevation required") {
Start-Process powershell.exe "Set-ExecutionPolicy Bypass -Scope CurrentUser -Force; Invoke-AtomicTest $tid -CheckPrereqs; powershell.exe `"Invoke-AtomicTest $tid -ExecutionLogPath `"$present_dir\Logs.txt`"`" | Out-File $present_dir\Output.md" -Wait -Verb runAs
} else {
Start-Process -Wait powershell.exe "Set-ExecutionPolicy Bypass -Scope CurrentUser -Force; Invoke-AtomicTest $tid -CheckPrereqs; powershell.exe `"Invoke-AtomicTest $tid -ExecutionLogPath `"$present_dir\Logs.txt`"`" | Out-File $present_dir\Output.md"
}
rm $present_dir\get_preq.md
} else {
Start-Process -Wait powershell.exe "Set-ExecutionPolicy Bypass -Scope CurrentUser -Force; Invoke-AtomicTest $tid -CheckPrereqs; powershell.exe `"Invoke-AtomicTest $tid -ExecutionLogPath `"$present_dir\Logs.txt`"`" | Out-File $present_dir\Output.md"
}
if (Test-Path $HOME\Desktop\open-ports.txt) {
mv $HOME\Desktop\open-ports.txt $present_dir\Open_Ports.txt
}
Write-Output "`n >> AtomicTest Completed Successfully !!" | green
Write-Output " >> Results Stored in `"$present_dir`" ...`n" | yellow
} catch {
Write-Output "`n >> An unexpected Error occured. Try again later ...`n"
}
$all_tids += $tid
$c++
$condition = Read-Host -Prompt " >> Do you want to continue with additional testing [Y/y] or proceed with a complete cleanup [N/n] ?"
# Cleanup for [n] and [y] to continue ...
if ($condition -eq "n" -or $condition -eq "N" -or $condition -eq "no" -or $condition -eq "NO") {
Cleanup_atomic($all_tids)
}
} while ($condition -eq "y" -or $condition -eq "Y" -or $condition -eq "yes" -or $condition -eq "YES")
Read-Host -Prompt " >> Press enter to exit"