mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-26 14:59:03 +01:00
Removed COM Hijack
This commit is contained in:
parent
17a34e27f6
commit
12cdb47285
@ -4,14 +4,6 @@ Description: Script used for manage Windows RM settings
|
|||||||
Author: 'Oddvar Moe'
|
Author: 'Oddvar Moe'
|
||||||
Created: '2018-05-25'
|
Created: '2018-05-25'
|
||||||
Commands:
|
Commands:
|
||||||
- Command: reg.exe import c:\path\to\Slmgr.reg & winrm quickconfig
|
|
||||||
Description: Hijack the Scripting.Dictionary COM Object to execute remote scriptlet (SCT) code.
|
|
||||||
Usecase: Proxy execution
|
|
||||||
Category: Execute
|
|
||||||
Privileges: User
|
|
||||||
MitreID: T1216
|
|
||||||
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
|
|
||||||
OperatingSystem: Windows 10
|
|
||||||
- Command: 'winrm invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -r:http://target:5985'
|
- Command: 'winrm invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -r:http://target:5985'
|
||||||
Description: Lateral movement/Remote Command Execution via WMI Win32_Process class over the WinRM protocol
|
Description: Lateral movement/Remote Command Execution via WMI Win32_Process class over the WinRM protocol
|
||||||
Usecase: Proxy execution
|
Usecase: Proxy execution
|
||||||
|
Loading…
Reference in New Issue
Block a user