Added Gpscript.exe

2018-04-27 21:07:49 +02:00 · 2018-04-27 21:07:49 +02:00 · 4503efd576
parent d6eec4ea74
commit 4503efd576
1 changed files with 42 additions and 0 deletions
--- a/OSBinaries/Gpscript.md
+++ b/OSBinaries/Gpscript.md
@ -0,0 +1,42 @@
+## Gpscript.exe
+
+* Functions: Execute
+
+```
+Gpscript /logon    
+
+Gpscript /startup    
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+*
+
+Resources:
+* https://oddvar.moe/2018/04/27/gpscript-exe-another-lolbin-to-the-list/
+
+
+Full path:
+```
+c:\windows\system32\gpscript.exe
+c:\windows\sysWOW64\gpscript.exe
+```
+
+Notes:
+You need to add Scripts.ini file under C:\Windows\System32\GroupPolicy\User\Scripts that contains the following:
+[Logon]
+0CmdLine=C:\data\dummy.bat
+0Parameters=
+
+If you want ps1 scripts you need to name the file PSscripts.ini instead.
+
+You also need to add CSE guid to gpt.ini file and also increase version number. This is located under C:\Windows\System32\GroupPolicy\.
+
+Before running gpscript.exe /logon you need to run gpupdate with the mentioned files in place first.
+
+
+Detection:
+Changes to or new scripts.ini or psscripts.ini
+