/// <summary>
/// Runs the T1136.001 (Create Account: Local Account) simulation via the Win32 API path.
/// </summary>
/// <param name="log">Log file name; appended as-is to the application's base directory.</param>
/// <param name="cleanup">
/// Forwarded unchanged to <c>PersistenceHelper.CreateUserApi</c>. Presumably controls whether the
/// test account is removed afterwards; confirm in the helper.
/// </param>
/// <remarks>
/// The account name is hard-coded to "haxor". Any exception raised by the helper is passed to
/// <c>SimulationFailed</c> and not rethrown, so the log file is the only record of the outcome.
/// NOTE(review): if <paramref name="cleanup"/> is false the account may remain on the host; verify
/// against the helper before running outside a lab.
/// </remarks>
public static void CreateLocalAccountApi(string log, bool cleanup)
{
    // The log lives next to the executable; no separator is inserted between the two parts.
    var simLog = new Lib.Logger(string.Concat(AppDomain.CurrentDomain.BaseDirectory, log));

    simLog.SimulationHeader("T1136.001");
    simLog.TimestampInfo("Using the Win32 API NetUserAdd function to execute the technique");

    try
    {
        PersistenceHelper.CreateUserApi("haxor", simLog, cleanup);
        simLog.SimulationFinished();
    }
    catch (Exception failure)
    {
        // Failures are recorded in the simulation log only; nothing propagates to the caller.
        simLog.SimulationFailed(failure);
    }
}
/// <summary>
/// Runs the T1136 (Create Account) simulation by delegating to <c>PersistenceHelper.CreateUser</c>.
/// </summary>
/// <param name="log">Log file name; appended as-is to the application's base directory.</param>
/// <remarks>
/// The account name is hard-coded to "haxor". This entry point takes no cleanup flag, so whether
/// the account is removed afterwards cannot be determined from here; check the helper.
/// Exceptions from the helper are passed to <c>SimulationFailed</c> and not rethrown.
/// NOTE(review): despite the "Api" suffix this calls <c>CreateUser</c>, not <c>CreateUserApi</c>;
/// confirm that is intended.
/// </remarks>
public static void CreateAccountApi(string log)
{
    // The log lives next to the executable; no separator is inserted between the two parts.
    var simLog = new Lib.Logger(string.Concat(AppDomain.CurrentDomain.BaseDirectory, log));

    simLog.SimulationHeader("T1136");

    try
    {
        PersistenceHelper.CreateUser("haxor", simLog);
        simLog.SimulationFinished();
    }
    catch (Exception failure)
    {
        // Failures are recorded in the simulation log only; nothing propagates to the caller.
        simLog.SimulationFailed(failure);
    }
}
/// <summary>
/// Runs the T1547.001 (Registry Run Keys / Startup Folder) simulation using the
/// Microsoft.Win32 .NET registry classes, via <c>PersistenceHelper.RegistryRunKey</c>.
/// </summary>
/// <param name="log">Log file name; appended as-is to the application's base directory.</param>
/// <param name="cleanup">
/// Forwarded unchanged to <c>PersistenceHelper.RegistryRunKey</c>. Presumably controls whether the
/// registry value is deleted afterwards; confirm in the helper.
/// </param>
/// <remarks>
/// Exceptions from the helper are passed to <c>SimulationFailed</c> and not rethrown, so the log
/// file is the only record of the outcome. The key and value written are chosen inside the helper
/// and are not visible from this method.
/// </remarks>
public static void CreateRegistryRunKeyNET(string log, bool cleanup)
{
    // The log lives next to the executable; no separator is inserted between the two parts.
    var simLog = new Lib.Logger(string.Concat(AppDomain.CurrentDomain.BaseDirectory, log));

    simLog.SimulationHeader("T1547.001");
    simLog.TimestampInfo("Using the Microsoft.Win32 .NET namespace to execute the technique");

    try
    {
        PersistenceHelper.RegistryRunKey(simLog, cleanup);
        simLog.SimulationFinished();
    }
    catch (Exception failure)
    {
        // Failures are recorded in the simulation log only; nothing propagates to the caller.
        simLog.SimulationFailed(failure);
    }
}
/// <summary>
/// Runs the T1543.003 (Create or Modify System Process: Windows Service) simulation via the
/// Win32 API path, delegating to <c>PersistenceHelper.CreateServiceApi</c>.
/// </summary>
/// <param name="log">
/// Log file name; appended as-is to the application's base directory for this method's logger,
/// and also passed unmodified to the helper as its first argument.
/// </param>
/// <param name="cleanup">
/// Forwarded unchanged to <c>PersistenceHelper.CreateServiceApi</c>. Presumably controls whether
/// the service is removed afterwards; confirm in the helper.
/// </param>
/// <remarks>
/// Exceptions from the helper are passed to <c>SimulationFailed</c> and not rethrown, so the log
/// file is the only record of the outcome. The service name and binary path are chosen inside the
/// helper and are not visible from this method.
/// </remarks>
public static void CreateWindowsServiceApi(string log, bool cleanup)
{
    // The log lives next to the executable; no separator is inserted between the two parts.
    var simLog = new Lib.Logger(string.Concat(AppDomain.CurrentDomain.BaseDirectory, log));

    simLog.SimulationHeader("T1543.003");
    simLog.TimestampInfo("Using the Win32 API CreateService function to execute the technique");

    try
    {
        // The helper receives the bare log name, not the combined path used for simLog.
        PersistenceHelper.CreateServiceApi(log, simLog, cleanup);
        simLog.SimulationFinished();
    }
    catch (Exception failure)
    {
        // Failures are recorded in the simulation log only; nothing propagates to the caller.
        simLog.SimulationFailed(failure);
    }
}