mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-27 07:18:05 +01:00
22 lines
1.1 KiB
Markdown
22 lines
1.1 KiB
Markdown
|
---
|
||
|
name: shell32.dll
|
||
|
description: Windows Shell Common Dll
|
||
|
functions:
|
||
|
execute:
|
||
|
- description: Launch DLL payload.
|
||
|
code: rundll32.exe shell32.dll,Control_RunDLL payload.dll
|
||
|
- description: Launch executable payload.
|
||
|
code: rundll32.exe shell32.dll,ShellExec_RunDLL beacon.exe
|
||
|
- description: Launch executable payload with arguments.
|
||
|
code: rundll32 SHELL32.DLL,ShellExec_RunDLL "cmd.exe" "/c echo hi"
|
||
|
resources:
|
||
|
- resource: https://twitter.com/Hexacorn/status/885258886428725250
|
||
|
- resource: https://twitter.com/pabraeken/status/991768766898941953
|
||
|
- resource: https://twitter.com/mattifestation/status/776574940128485376
|
||
|
- resource: https://twitter.com/KyleHanslovan/status/905189665120149506
|
||
|
- resource: https://windows10dll.nirsoft.net/shell32_dll.html
|
||
|
fullpath:
|
||
|
- path: c:\windows\system32\shell32.dll
|
||
|
- path: c:\windows\syswow64\shell32.dll
|
||
|
notes: Thanks to Adam - @hexacorn (Control_RunDLL), Pierre-Alexandre Braeken - @pabraeken (ShellExec_RunDLL), Matt Graeber - @mattifestation (ShellExec_RunDLL), Kyle Hanslovan - @KyleHanslovan (ShellExec_RunDLL)
|
||
|
---
|