public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-26 04:04:09 +02:00
Code Issues Projects Releases Wiki Activity

Errors in YAML files corrected

Browse Source
This commit is contained in:
Oddvar Moe
2018-10-25 21:24:55 +02:00
parent 550263cd1e
commit a61d2586cf
3 changed files with 31 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
yml/OSScripts/Winrm.yml
View File

@@ -28,7 +28,7 @@ Commands:
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
- Command: '%SystemDrive%\BypassDir\cscript //nologo %windir%\System32\winrm.vbs get wmicimv2/Win32_Process?Handle=4 -format:pretty'
- Command: '%SystemDrive%\BypassDir\cscript //nologo %windir%\System32\winrm.vbs get wmicimv2/Win32_Process?Handle=4 -format:pretty'
Description: Bypass AWL solutions by copying and executing cscript.exe and malicious XSL documents from attacker controlled location
Usecase: Execute aribtrary, unsigned code via XSL script
Category: AWL Bypass