CYBERSECURITY JOB HUNTING GUIDE
T1078.003
Author: Stefan Waldvogel
LimaCharlie vs. External Remote Services
Overview:
Description from ATT&CK
Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.
Local Accounts may also be abused to elevate privileges and harvest credentials through OS Credential Dumping. Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.
source: github.com/redcanaryco/atomic-red-team/tree/master/atomics
Commands:
Invoke-AtomicTest T1078.003 -ShowDetailsBrief
Invoke-AtomicTest T1078.003 -CheckPrereqs
Invoke-AtomicTest T1078.003 -GetPrereqs
Invoke-AtomicTest T1078.003
Invoke-AtomicTest T1078.003 -Cleanup
Changes:
Did the task manually; Windows no longer allows the old command, which added a user without a password.
Atomic Commands:
net user art-test /add
net user art-test Password123!
net localgroup administrators art-test /add
Limitations:
-none-
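Detection logic for the atomic commands above, added here as an example (it is not part of the original page and not LimaCharlie's rule format): it scans process-creation command lines for a `net user ... /add` followed by a `net localgroup administrators ... /add` for the same account on the same host. The event fields (`ts`, `host`, `cmdline`), the 10-minute window, the severity labels and the sample events are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window
NET_BINARIES = {"net", "net.exe", "net1", "net1.exe"}

# Constructed process-creation events; field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2021-06-01T10:00:00", "host": "WIN10-LAB", "cmdline": "net user art-test /add"},
    {"ts": "2021-06-01T10:00:05", "host": "WIN10-LAB", "cmdline": "net user art-test Password123!"},
    {"ts": "2021-06-01T10:00:09", "host": "WIN10-LAB", "cmdline": "net  localgroup Administrators art-test /ADD"},
    {"ts": "2021-06-01T12:00:00", "host": "FILESRV", "cmdline": r"C:\Windows\System32\net1.exe localgroup administrators helpdesk /add"},
]

def classify(cmdline):
    """Return (action, accounts) for a net.exe account change, else None."""
    tokens = [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(tokens) < 3 or re.split(r"[\\/]", tokens[0])[-1] not in NET_BINARIES:
        return None
    if "/add" not in tokens[2:]:
        return None  # password changes and listings are not correlated here
    args = [t for t in tokens[2:] if not t.startswith("/")]
    if tokens[1] == "user" and args:
        return ("create", args[:1])
    # English group name assumed; localized systems name the group differently.
    if tokens[1] == "localgroup" and args[:1] == ["administrators"] and args[1:]:
        return ("admin_add", args[1:])
    return None

def detect(events):
    """Alert when an account joins Administrators; high if it was just created."""
    created, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        hit = classify(ev["cmdline"])
        if hit is None:
            continue
        action, accounts = hit
        ts = datetime.fromisoformat(ev["ts"])
        for account in accounts:
            key = (ev["host"], account)
            if action == "create":
                created[key] = ts
                continue
            fresh = key in created and ts - created[key] <= WINDOW
            alerts.append({"host": ev["host"], "account": account,
                           "severity": "high" if fresh else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Command-line matching only sees changes made through `net.exe`; Windows Security events 4720 (user account created) and 4732 (member added to a security-enabled local group) cover the same activity regardless of the tool used.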
Result:
© 2021. This work is licensed under a CC BY-SA 4.0 license