Brian Beyer
20 lines
563 B
YAML
20 lines
563 B
YAML
attack_technique: T1118
|
|
display_name: InstallUtil
|
|
|
|
atomic_tests:
|
|
- name: InstallUtil uninstall method call
|
|
description: |
|
|
Executes the Uninstall Method
|
|
supported_platforms:
|
|
- windows
|
|
input_arguments:
|
|
filename:
|
|
description: location of the payload
|
|
type: Path
|
|
default: T1118.dll
|
|
executor:
|
|
name: command_prompt
|
|
command: |
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /target:library T1118.cs
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe /logfile= /LogToConsole=false /U #{filename}
|