Addressing @bohops's feedback

Wietze
2022-05-05 11:12:22 +01:00
parent 085aaa37b1
commit b92ee99627
11 changed files with 25 additions and 45 deletions


@@ -15,7 +15,7 @@ Commands:
Description: Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).
Usecase: Run local or remote script(let) code through INF file specification.
Category: AWL Bypass
Privileges: Admin
Privileges: User
MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11
- Command: rundll32.exe advpack.dll,RegisterOCX test.dll
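
Review bot: the Privileges value for this entry goes from Admin to User, but neither the Description nor the commit message records what was tested to justify it. The Description covers both local and remote scripts run through an .inf directive, so please state in the Description under which conditions a standard user can run this, and confirm whether the RegisterOCX entry that follows was reviewed for the same field.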


@@ -15,7 +15,7 @@ Commands:
Description: Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).
Usecase: Run local or remote script(let) code through INF file specification.
Category: AWL Bypass
Privileges: Admin
Privileges: User
MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11
- Command: rundll32.exe ieadvpack.dll,RegisterOCX test.dll
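
Review bot: the Description in this hunk is word for word the same as the one in the advpack.dll entry, and its phrasing ("with scrobj.dll in the .inf file by calling an information file directive") is hard to parse. Since both files are being touched for the Admin to User change anyway, consider tidying the sentence in both at once so the two entries stay in sync, and name the DLL in each Description so a reader can tell the entries apart.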


@@ -5,7 +5,7 @@ Author:
Created: 2018-05-25
Commands:
- Command: rundll32.exe Mshtml.dll,PrintHTML "C:\temp\calc.hta"
Description: Invoke an HTML Application via mshta.exe (Note - Pops a security warning and a print dialogue box).
Description: "Invoke an HTML Application via mshta.exe (note: pops a security warning and a print dialogue box)."
Usecase: Launch an HTA application.
Category: Execute
Privileges: User
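
Review bot: the new Description is a double-quoted scalar, which is required here because "note: " puts a colon followed by a space inside the value, but it leaves this as the only quoted field in the visible entry. Either keep the quotes and confirm the project's YAML lint accepts mixed quoting, or reword to avoid the colon. Separately, the Command runs rundll32.exe with Mshtml.dll,PrintHTML while the Description says "via mshta.exe"; a short clause stating which process ends up hosting the HTA would help readers writing process-lineage detections.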


@@ -4,7 +4,7 @@ Description: COM+ Services
Author:
Created: 2019-08-30
Commands:
- Command: rundll32 C:\windows\system32\comsvcs.dll MiniDump "[LSASS_PID] dump.bin full"
- Command: powershell /c rundll32 C:\windows\system32\comsvcs.dll MiniDump [LSASS_PID] dump.bin full
Description: Calls the MiniDump exported function of comsvcs.dll, which in turns calls MiniDumpWriteDump.
Usecase: Dump Lsass.exe process memory to retrieve credentials.
Category: Dump
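
Review bot: the Command now wraps rundll32 in "powershell /c" and drops the quotes around "[LSASS_PID] dump.bin full", but the unchanged Description does not say why the PowerShell wrapper is needed or that the argument form changed. Please add that reason to the Description, since detection content derived from this entry has to account for both the parent process and the quoted and unquoted command-line forms. While this line is being touched, "which in turns calls" should read "which in turn calls".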