Update recon-rename-wmi-cmd-evasion.json

2017-08-11 15:33:36 -04:00 · 2017-08-11 15:33:36 -04:00 · ca72350b58
parent 5fcd722dc8
commit ca72350b58
1 changed files with 5 additions and 5 deletions
--- a/configs/recon-rename-wmi-cmd-evasion.json
+++ b/configs/recon-rename-wmi-cmd-evasion.json
@ -1,15 +1,15 @@
 {
-	"description": "Recon payload with powershell renaming, and PS command execution via WMI, including evasion",
+	"description": "Recon payload with powershell renaming, and PS command execution via WMI, including process check evasion",
 	"template": "templates/payloads/recon-rename-wmi-cmd-evasion.vba",
 	"varcount": 150,
 	"encodingoffset": 4,
 	"chunksize": 200,
 	"encodedvars":{
 				"URL":"FULL URL THAT LOGS POST REQUESTS",
-                "PROCESS_NAME":"outlook.exe",
-                "SRC": "C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe",
-                "DST": "FILENAME.EXE",
-                "TEMP": "TEMP"
+                		"PROCESS_NAME":"outlook.exe",
+                		"SRC": "C:\\Windows\\System32\\WindowsPowershell\\v1.0\\powershell.exe",
+                		"DST": "FILENAME.EXE",
+                		"TEMP": "TEMP"
 			},
 	"vars": 	[],
 	"evasion": 	["encoder", "process"],