mirror of
				https://github.com/LOLBAS-Project/LOLBAS
				synced 2025-10-25 23:05:58 +02:00 
			
		
		
		
	Updated odbcconf.exe with discovery from @Hexacorn <3
This commit is contained in:
		| @@ -12,6 +12,14 @@ Commands: | ||||
|     MitreID: T1218 | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1218 | ||||
|     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 | ||||
|   - Command: odbcconf /a {REGSVR c:\test\test.dll} | ||||
|     Description: Execute DllREgisterServer from DLL specified. | ||||
|     Usecase: Execute dll file using technique that can evade defensive counter measures | ||||
|     Category: Execute | ||||
|     Privileges: User | ||||
|     MitreID: T1218 | ||||
|     MitreLink: https://attack.mitre.org/wiki/Technique/T1218 | ||||
|     OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 | ||||
| Full_Path: | ||||
|   - Path: C:\Windows\System32\odbcconf.exe | ||||
|   - Path: C:\Windows\SysWOW64\odbcconf.exe | ||||
| @@ -22,7 +30,10 @@ Detection: | ||||
| Resources: | ||||
|   - Link: https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b | ||||
|   - Link: https://github.com/woanware/application-restriction-bypasses | ||||
|   - Link: https://twitter.com/Hexacorn/status/1187143326673330176 | ||||
| Acknowledgement: | ||||
|   - Person: Casey Smith | ||||
|     Handle: '@subtee' | ||||
|   - Person: Adam | ||||
|     Handle: '@Hexacorn' | ||||
| --- | ||||
		Reference in New Issue
	
	Block a user