public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-28 21:22:07 +02:00
Code Issues Projects Releases Wiki Activity

Update scripts with new template. Fixed mgmt script for webportal. Adjustments to existing yml files

Browse Source
This commit is contained in:
Oddvar Moe
2018-09-26 11:41:58 +02:00
parent d48273583e
commit bac3b9e56c
38 changed files with 405 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
yml/OSScripts/pester.yml
View File

@@ -1,18 +1,27 @@
---
Name: pester.bat
Description: Execute code using Pester. The third parameter can be anything. The fourth is the payload.
Author: ''
Name: Pester.bat
Description: Used as part of the Powershell pester
Author: 'Oddvar Moe'
Created: '2018-05-25'
Categories: []
Commands:
- Command: Pester.bat [/help|?|-?|/?] "$null; notepad"
Description: Execute notepad
- Command: Pester.bat [/help|?|-?|/?] "$null; notepad"
Description: Execute code using Pester. The third parameter can be anything. The fourth is the payload. Example here executes notepad
Usecase: Proxy execution
Category: Execute
Privileges: User
MitreID: T1216
MitreLink: https://attack.mitre.org/wiki/Technique/T1216
OperatingSystem: Windows 10
Full Path:
- c:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat
- c:\Program Files\WindowsPowerShell\Modules\Pester\*\bin\Pester.bat
Code Sample: []
Detection: []
- Path: c:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat
- Path: c:\Program Files\WindowsPowerShell\Modules\Pester\*\bin\Pester.bat
Code Sample:
- Code:
Detection:
- IOC:
Resources:
- https://twitter.com/Oddvarmoe/status/993383596244258816
- https://github.com/api0cradle/LOLBAS/blob/master/OSScripts/pester.md
Notes: Thanks to Emin Atac - @p0w3rsh3ll
- Link: https://twitter.com/Oddvarmoe/status/993383596244258816
Acknowledgement:
- Person: Emin Atac
Handle: '@p0w3rsh3ll'
---