module
Regsvr32.exe (.sct) Command Delivery Server
Disclosed | Created |
---|---|
N/A | May 30, 2018 |
Description
This module uses the Regsvr32.exe Application Whitelisting Bypass technique to run a command on
a target system. The major advantage of this technique is that you can execute a static command on the target
system and dynamically and remotely change the command that will actually run (by changing the value of CMD).
This is useful when combined with persistence methods (e.g., a recurring scheduled task) or when flexibility
is needed through the use of a single command (e.g., as a Rubber Ducky payload).
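
What this means for detection, as an added example that is not part of the module or the original page: the command line logged on the host stays constant while the served command changes, so process-creation logs are searched for the static launcher and for the same remote source recurring. The events, field names and function names below are constructed for illustration.

```python
from collections import Counter
import ntpath
import re

# An http(s) URL in the arguments (remote script source) and a .sct reference.
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
SCT_RE = re.compile(r"\.sct\b", re.IGNORECASE)

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Switches are elided; the checks below do not depend on them.
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": "regsvr32.exe [switches elided] http://192.0.2.10:8080/a.sct"},
    {"host": "ws01", "image": r"C:\Windows\SysWOW64\REGSVR32.EXE",
     "command_line": "regsvr32.exe [switches elided] http://192.0.2.10:8080/a.sct"},
    {"host": "ws02", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\App\codec.dll"'},
    {"host": "ws03", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c echo http://example.com/a.sct"},
]

def score_event(event):
    """Return the reasons a process-creation event looks suspicious, if any."""
    image = ntpath.basename(event.get("image", "").strip('"')).lower()
    if image != "regsvr32.exe":
        return []
    cmd = event.get("command_line", "")
    reasons = []
    if URL_RE.search(cmd):
        reasons.append("remote URL in regsvr32 arguments")
    if SCT_RE.search(cmd):
        reasons.append("scriptlet (.sct) reference")
    return reasons

def find_suspicious(events):
    """Return (host, url, reasons) for every flagged regsvr32 event."""
    findings = []
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            m = URL_RE.search(ev.get("command_line", ""))
            findings.append((ev.get("host"), m.group(0) if m else None, reasons))
    return findings

def repeated_sources(findings, threshold=2):
    """URLs seen at least `threshold` times: one static command run repeatedly."""
    counts = Counter(url.lower() for _host, url, _reasons in findings if url)
    return sorted(u for u, n in counts.items() if n >= threshold)
```

A recurring identical URL is the signal tied to the persistence case described above; the command line alone says nothing about what was actually executed on each run.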
Authors
Casey Smith
Trenton Ivey
mubix mubix@hak5.org
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
