public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-30 16:54:00 +01:00
Code Issues Projects Releases Wiki Activity

Update Advpack.yml Tags

Browse Source 
Added Tags:
Execute: INF
Execute: EXE
Execute: CMD
This commit is contained in:
hegusung 2024-10-13 18:10:51 +02:00 committed by GitHub
parent c34810b29b
commit e25d9fa435
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
yml/OSLibraries/Advpack.yml
View File

@ -11,6 +11,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.011 MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: INF
- Command: rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,,1, - Command: rundll32.exe advpack.dll,LaunchINFSection c:\test.inf,,1,
Description: Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied). Description: Execute the specified (local or remote) .wsh/.sct script with scrobj.dll in the .inf file by calling an information file directive (DefaultInstall section implied).
Usecase: Run local or remote script(let) code through INF file specification. Usecase: Run local or remote script(let) code through INF file specification.
@ -19,7 +21,7 @@ Commands:
MitreID: T1218.011 MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11
Tags: Tags:
- Input: INF - Execute: INF
- Command: rundll32.exe advpack.dll,RegisterOCX test.dll - Command: rundll32.exe advpack.dll,RegisterOCX test.dll
Description: Launch a DLL payload by calling the RegisterOCX function. Description: Launch a DLL payload by calling the RegisterOCX function.
Usecase: Load a DLL payload. Usecase: Load a DLL payload.
@ -36,6 +38,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.011 MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: EXE
- Command: rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe" - Command: rundll32 advpack.dll, RegisterOCX "cmd.exe /c calc.exe"
Description: Launch command line by calling the RegisterOCX function. Description: Launch command line by calling the RegisterOCX function.
Usecase: Run an executable payload. Usecase: Run an executable payload.
@ -43,6 +47,8 @@ Commands:
Privileges: User Privileges: User
MitreID: T1218.011 MitreID: T1218.011
OperatingSystem: Windows 10, Windows 11 OperatingSystem: Windows 10, Windows 11
Tags:
- Execute: CMD
Full_Path: Full_Path:
- Path: c:\windows\system32\advpack.dll - Path: c:\windows\system32\advpack.dll
- Path: c:\windows\syswow64\advpack.dll - Path: c:\windows\syswow64\advpack.dll