Closed leegengyu closed 3 years ago
@leegengyu you're absolutely correct! If you want to update the .exe's you'll have to re-generate them and I suggest checking out the evals steps for day-1 and day-2 here for further insights in how the payloads were used so you have an idea on what you'll have to update.
Thank you for the clarification @jstroud-mitre !
Hello,
For Day 1.A of APT29 executed using the CALDERA plugin, phase 7 uses the Modified-SysInternalsSuite.zip payload. This zip file consists of the following:
While it is mentioned in a section in the README that the Python script "dynamically updates the payloads to the appropriate IP and port" (which it does in effect), it does not update the payloads in the said zip file to my understanding.
To this end, would like to clarify if we are required to manually update the appropriate IP and port in each of the 5 files above (where required), and zip them when done, before placing them back into the plugins/evals/payloads directory? This would be due to the fact that the Python script only covers .ps1 and .txt files?
Thank you!