public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-26 14:59:03 +01:00
Code Issues Projects Releases Wiki Activity
f2cd38a64f
LOLBAS/Shdocvw.md
bohops 793a512551
Updated Libs
2018-09-16 08:04:36 -04:00

1.2 KiB
Raw Blame History

name description functions resources fullpath notes
shdocvw.dll Shell Doc Object and Control Library.
execute
description code
Launch an executable payload via proxy through a(n) URL (information) file by calling OpenURL. rundll32.exe shdocvw.dll,OpenURL "C:\test\calc.url"
description code
Launch an executable payload via proxy through a renamed URL (information) file by calling OpenURL. rundll32.exe shdocvw.dll,OpenURL "C:\test\calc.zz"
resource
http://www.hexacorn.com/blog/2018/03/15/running-programs-via-proxy-jumping-on-a-edr-bypass-trampoline-part-5/
resource
https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/
resource
https://twitter.com/bohops/status/997690405092290561
resource
1206a613a6/calc.url
resource
https://windows10dll.nirsoft.net/shdocvw_dll.html
path
c:\windows\system32\shdocvw.dll
path
c:\windows\syswow64\shdocvw.dll
Thanks to Adam - @hexacorn, Jimmy - @bohops