I was revisiting my old article on 'ExpLoading' (cheesy name, I know) and thought I'd have an explore to see if they're still there and if there were any new observations.
The original one I have in this project, 'workfolders', is still present, although I have seen enterprise security stop it, but
GatherNetworkInfo
wsl.exe (new method to those listed)
iediagcmd.exe
main.cpl
sysdm.cpl
have utility
GatherNetworkInfo is a vbs file resident in system32, so there is no need for the full path and no need to add the vbs (environment variable). When invoked from a user-controlled folder (explained in the blog post https://thecontractor.io/blog/exploading/ ), it allows you to control the location that the search order takes place in, as with all of these listed, similar to workfolders.exe, so GatherNetworkInfo will create opportunities for cmd.exe, powershell.exe, powercfg.exe, sc.exe, reg.exe and netsh.exe.
wsl.exe using this method will search for wslhost.exe
iediagcmd.exe using this method will search for ipconfig.exe, route.exe, netsh.exe and makecab.exe
main.cpl using this method will search for MOUSE.DLL
system.cpl using this method will search for SystemPropertiesComputerName.exe
I'm sorry I don't have time to fill out all the information but I thought I'd share these findings, on the basis that it's an easy repeatable method to search for, where no real advanced skills are needed, handy for getting people interested too
Thanks @wietze! (Let's make it 6?) PhoneExperienceHost.exe will eat YourPhone.AppCore.WinRT.Utilities.dll using the above method (although that exe was hard to find :]). I came back to see if any of those listed had made it in yet.
https://youtu.be/ZhuwkT2E8Pw - visual guide to repeat (only 2 or less curse-words)
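A detection-side view of the list in this issue, as an added example that is not part of the original post or of the project's code: it flags process-creation or image-load events where one of the listed launchers ends up with a searched-for file that resolves outside the usual system directories. The event field names `parent_cmdline` and `loaded`, the trusted-directory list and the sample events are assumptions made for the example.

```python
import ntpath

# Launcher -> file names it goes looking for, as listed in the issue above.
SEARCHED = {
    "gathernetworkinfo": {"cmd.exe", "powershell.exe", "powercfg.exe",
                          "sc.exe", "reg.exe", "netsh.exe"},
    "wsl.exe": {"wslhost.exe"},
    "iediagcmd.exe": {"ipconfig.exe", "route.exe", "netsh.exe", "makecab.exe"},
    "main.cpl": {"mouse.dll"},
    "sysdm.cpl": {"systempropertiescomputername.exe"},
    "phoneexperiencehost.exe": {"yourphone.appcore.winrt.utilities.dll"},
}

# Assumption: where the genuine copies live on a default install.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                    "c:\\program files\\")

# Constructed sample telemetry (hypothetical field names, not real logs).
SAMPLE_EVENTS = [
    {"parent_cmdline": r"wscript.exe C:\Windows\System32\gatherNetworkInfo.vbs",
     "loaded": r"C:\Users\Public\stage\netsh.exe"},
    {"parent_cmdline": r"C:\Windows\System32\wsl.exe",
     "loaded": r"C:\Windows\System32\wslhost.exe"},
    {"parent_cmdline": r'"C:\Program Files\Internet Explorer\iediagcmd.exe"',
     "loaded": r"C:\Windows\System32\..\..\Users\Public\stage\ipconfig.exe"},
    {"parent_cmdline": r"rundll32.exe shell32.dll,Control_RunDLL sysdm.cpl",
     "loaded": r"C:\Windows\System32\SystemPropertiesComputerName.exe"},
    {"parent_cmdline": r"C:\Windows\explorer.exe",
     "loaded": r"C:\Users\Public\stage\cmd.exe"},  # launcher not on the list
]


def is_trusted(path):
    """True if the file's folder, after resolving '..', is a trusted one."""
    folder = ntpath.dirname(ntpath.normpath(path).lower()) + "\\"
    return folder.startswith(TRUSTED_PREFIXES)


def flag_relocated_loads(events):
    """Return (launcher, path) for listed names resolved from untrusted folders."""
    hits = []
    for ev in events:
        parent = ev["parent_cmdline"].lower()
        name = ntpath.basename(ev["loaded"]).lower()
        for launcher, names in SEARCHED.items():
            if launcher in parent and name in names and not is_trusted(ev["loaded"]):
                hits.append((launcher, ev["loaded"]))
                break
    return hits
```

The rule is deliberately narrow: it only covers the launcher and file pairs named in this issue, so the last sample event is not flagged.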