ID: T1064 Tactic: Defense Evasion, Execution
Adversaries may use scripts to aid in operations and perform multiple actions that would otherwise be manual. Scripting is useful for speeding up operational tasks and reducing the time required to gain access to critical resources. Some scripting languages may be used to bypass process monitoring mechanisms by directly interacting with the operating system at an API level instead of calling other programs. Common scripting languages for Windows include VBScript and PowerShell, but scripts can also take the form of command-line batch scripts.
Scripts can be embedded inside Office documents as macros that can be set to execute when files delivered through Spearphishing Attachments or other forms of phishing are opened. Malicious embedded macros are a means of execution other than software exploitation (Exploitation for Client Execution); here adversaries rely on macros being allowed, or on the user agreeing to enable them.
Many popular offensive frameworks use forms of scripting, for security testers and adversaries alike. Metasploit, Veil and PowerSploit are three popular examples, and adversaries are also known to be using PowerShell.
I will demonstrate by creating a simple batch file, a form of scripting for the Windows OS, containing some simple commands that are very well known for enumeration. I will search for users, find which users belong to the Administrators group, look for any other PCs connected to the network, and grab the system's information. The commands I will be using are:
net localgroup Administrators
I will use
@ECHO OFF
so that the script doesn't output the commands, only the results. I will finish with a
PAUSE
action so the window doesn't close once the script is done executing and I can view the results.
This is one of many ways of using scripting. Macros are one example; PowerSploit for AD (Active Directory) enumeration is also widely used and incredibly helpful. These .bat files can also be used to create scheduled tasks, search for interesting files, and even call payloads if desired. This technique is also well known on Linux machines, where a scripting language commonly used for it is Bash.
Here, as you can see, the file was run from the terminal using
sh
This is how you call the file with its proper interpreter and that interpreter's command; the same is true for Python, Ruby, Perl, PHP and others on Linux.
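Both the batch file walked through above and the sh launch on Linux leave the same kind of trace in process-creation telemetry: a script host started with a script file on its command line, followed by child processes running discovery commands. The following detection script is an added example, not code from the original post; the events it runs over are constructed, with field names modelled on Sysmon Event ID 1 (ProcessId, ParentProcessId, Image, CommandLine), and the threshold of three discovery commands per script is an assumed tuning value.

```python
"""Spot script-driven enumeration in process-creation telemetry.

Added example for this post on T1064 (Scripting); it is not the post's own
code. The events below are constructed, with field names modelled on
Sysmon Event ID 1 (ProcessId, ParentProcessId, Image, CommandLine).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Interpreters that run script files on Windows and Linux.
SCRIPT_HOSTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "sh", "bash", "python", "python3", "perl", "ruby", "php",
}
# A script file on the command line distinguishes "ran a script" from an
# interactive shell session.
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|ps1|vbs|js|sh|py|rb|pl|php)\b", re.IGNORECASE)
# "net localgroup Administrators" from the post plus its near neighbours;
# net.exe hands off to net1.exe, so accept both spellings.
NET_DISCOVERY_RE = re.compile(r"\bnet1?(?:\.exe)?\s+(localgroup|user|view|group)\b", re.IGNORECASE)
SYSINFO_RE = re.compile(r"\bsysteminfo(?:\.exe)?\b", re.IGNORECASE)
BURST_THRESHOLD = 3  # assumed tuning value: discovery commands from one script before it is a burst


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str         # full path of the executable
    command_line: str


@dataclass(frozen=True)
class Alert:
    pid: int
    reason: str
    command_line: str


def basename(path):
    """Last path component, lower-cased, for either path separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def discovery_label(command_line):
    """Return a short label if the command line is a discovery command, else None."""
    m = NET_DISCOVERY_RE.search(command_line)
    if m:
        return "net " + m.group(1).lower()
    if SYSINFO_RE.search(command_line):
        return "systeminfo"
    return None


def analyse(events):
    """Flag script launches and the discovery commands spawned by them.

    Interactive use (cmd.exe with no script file) is deliberately not
    flagged, so an admin typing 'net localgroup Administrators' at a prompt
    stays quiet; only children of a script launch are reported.
    """
    alerts = []
    script_launch = {}  # pid -> command line of a host that ran a script file
    for e in events:
        if basename(e.image) in SCRIPT_HOSTS and SCRIPT_EXT_RE.search(e.command_line):
            script_launch[e.pid] = e.command_line
            alerts.append(Alert(e.pid, f"script file run by {basename(e.image)}", e.command_line))

    per_script = Counter()
    for e in events:
        if e.ppid not in script_launch:
            continue
        label = discovery_label(e.command_line)
        if label:
            per_script[e.ppid] += 1
            alerts.append(Alert(e.pid, f"discovery command '{label}' spawned by script", e.command_line))

    for ppid, n in per_script.items():
        if n >= BURST_THRESHOLD:
            alerts.append(Alert(ppid, f"enumeration burst: {n} discovery commands from one script", script_launch[ppid]))
    return alerts


# Constructed telemetry: a batch file like the one described in the post,
# an interactive admin session that must not fire, and a Linux sh launch.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe", r'cmd.exe /c "C:\Users\alice\Downloads\enum.bat"'),
    ProcEvent(201, 200, r"C:\Windows\System32\net.exe", "net localgroup Administrators"),
    ProcEvent(202, 200, r"C:\Windows\System32\net.exe", "net user"),
    ProcEvent(203, 200, r"C:\Windows\System32\net.exe", "net view"),
    ProcEvent(204, 200, r"C:\Windows\System32\systeminfo.exe", "systeminfo"),
    ProcEvent(300, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(301, 300, r"C:\Windows\System32\net.exe", "net localgroup Administrators"),
    ProcEvent(400, 1, "/bin/bash", "bash"),
    ProcEvent(401, 400, "/bin/sh", "sh ./enum.sh"),
]

if __name__ == "__main__":
    for a in analyse(SAMPLE_EVENTS):
        print(f"pid={a.pid:<4} {a.reason}: {a.command_line}")
```

The point of keying on the parent process is the one the post itself makes about process monitoring: the commands are ordinary administrative tools, so on their own they are noise, but a script host launched with a .bat or .sh file that then fans out into several of them in quick succession is the shape worth alerting on. The interactive session (pids 300 and 301) runs the same `net localgroup Administrators` and produces no alert.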