public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-26 14:59:03 +01:00
Code Issues Projects Releases Wiki Activity

Updated odbcconf.exe with discovery from @Hexacorn <3

Browse Source
This commit is contained in:
Oddvar Moe 2019-10-24 10:01:44 +02:00
parent cb9fa974dd
commit 13093c879e
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
yml/OSBinaries/Odbcconf.yml
View File

@ -12,6 +12,14 @@ Commands:
MitreID: T1218 MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218 MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: odbcconf /a {REGSVR c:\test\test.dll}
Description: Execute DllREgisterServer from DLL specified.
Usecase: Execute dll file using technique that can evade defensive counter measures
Category: Execute
Privileges: User
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path: Full_Path:
- Path: C:\Windows\System32\odbcconf.exe - Path: C:\Windows\System32\odbcconf.exe
- Path: C:\Windows\SysWOW64\odbcconf.exe - Path: C:\Windows\SysWOW64\odbcconf.exe
@ -22,7 +30,10 @@ Detection:
Resources: Resources:
- Link: https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b - Link: https://gist.github.com/NickTyrer/6ef02ce3fd623483137b45f65017352b
- Link: https://github.com/woanware/application-restriction-bypasses - Link: https://github.com/woanware/application-restriction-bypasses
- Link: https://twitter.com/Hexacorn/status/1187143326673330176
Acknowledgement: Acknowledgement:
- Person: Casey Smith - Person: Casey Smith
Handle: '@subtee' Handle: '@subtee'
- Person: Adam
Handle: '@Hexacorn'
--- ---