public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-26 14:59:03 +01:00
Code Issues Projects Releases Wiki Activity

Removed COM Hijack

Browse Source
This commit is contained in:
bohops 2020-07-03 10:07:18 -04:00 committed by GitHub
parent 17a34e27f6
commit 12cdb47285
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
yml/OSScripts/Winrm.yml
View File

@ -4,14 +4,6 @@ Description: Script used for manage Windows RM settings
Author: 'Oddvar Moe' Author: 'Oddvar Moe'
Created: '2018-05-25' Created: '2018-05-25'
Commands: Commands:
- Command: reg.exe import c:\path\to\Slmgr.reg & winrm quickconfig
Description: Hijack the Scripting.Dictionary COM Object to execute remote scriptlet (SCT) code.
Usecase: Proxy execution
Category: Execute
Privileges: User
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
- Command: 'winrm invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -r:http://target:5985' - Command: 'winrm invoke Create wmicimv2/Win32_Process @{CommandLine="notepad.exe"} -r:http://target:5985'
Description: Lateral movement/Remote Command Execution via WMI Win32_Process class over the WinRM protocol Description: Lateral movement/Remote Command Execution via WMI Win32_Process class over the WinRM protocol
Usecase: Proxy execution Usecase: Proxy execution